Before changing the code, please see the following link:  
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
