Cross-Site Scripting (XSS) is a constant problem of the Web platform. Since its initial public documentation in the year 2000 until the present day, XSS is continuously on top of the vulnerability statistics. Even though a considerable amount of research and developer education has been conducted to address XSS on the source code level, the overall number of discovered XSS problems remains high. For this reason various approaches to mitigate XSS have been proposed as a second line of defense, with HTML sanitizers, Web Application Firewalls, browser-based XSS filters, and the Content Security Policy being only some prominent examples. Thereby, most of these mechanisms focus on script tags and event handlers, by either removing them from user-provided content or by preventing their script code from executing.