I'm sitting on a method for testing sites that I used to figure out the xss vulns of even kali.org (HTML entities) and I was wondering if there would be any public interest in helping build a toolset for it. Here's the step by step

1. Insert an Anchor onto the page recalling the website URL after the anchor into the page using #
2. enter your payload, use as many encodings and special characters as you can to see which passes through Ex. kali.org/#<>/'"&lt;
3. inspect page and open up your console
4. enter the command document.write(location.hash.substring(1))
5. the page should go flat white and show you just what was entered after its trip through conversion and encoding. Eg on kali.org/#<>/'"&lt; ----> %3C%3E/'%22
as you can see the only thing that came through was the ',
6.then comes working around with encodings to figure out which ones are true and map them out

email me if interested
****-ghastly@bugcrowdninja.com