Looking for multibyte UTF-8 characters leading to XSS in javascript context

Is it possible to launch a XSS attack on modern browsers, when the server encodes special ASCII characters like ‘"’ or ‘<’ or ‘>’, but not valid multibyte UTF-8 characters, without using server-side normalization issues?The user controlled value is passed into a javascript inside a html script tag as a string constant, so it is between two double quotes.
Any ideas?


My answer would be no, but it may vary depends upon the situation. in general case JS is looking for end of " to end, and anything in between that considered as sting, however you may like the above payload. when ; is blocked but " is not.

Ok, thank you for answering.