Internet Explorer Accepts Style Attributes on Closing HTML Tags
There’s a really interesting thread on sla.ckers.org about bypassing some fairly rigid anti-XSS filters that allow nothing that looks like HTML. Specifically, the filter doesn’t allow <[A-Za-z], which limits the vectors pretty substantially. In the process of working through the attack vector, Hong mentioned that an attack could surface inside of an end HTML [...]
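
An added example, not code from the original post or the sla.ckers.org thread: it runs the <[A-Za-z] rule quoted above over constructed inputs, flags closing tags that carry attributes (the case named in the title), and shows output encoding as the fix that does not depend on tag shape. The function names, the detector pattern and the sample strings are assumptions made for this illustration.

```javascript
// The filter rule described in the post: reject "<" followed by a letter.
const OPEN_TAG_BLOCKLIST = /<[A-Za-z]/;

// Hypothetical detector: a closing tag followed by an attribute-like token
// (whitespace, a name, then "="), e.g. </a style=...>.
const CLOSING_TAG_WITH_ATTR = /<\/[A-Za-z][^>]*\s[^\s>=]+\s*=/;

// True when the input gets past the blocklist rule.
function passesBlocklist(input) {
  return !OPEN_TAG_BLOCKLIST.test(input);
}

// True when the input contains a closing tag that carries an attribute.
function hasAttributedClosingTag(input) {
  return CLOSING_TAG_WITH_ATTR.test(input);
}

// Fix that does not depend on tag shape: encode every HTML metacharacter
// on output, so neither "<a" nor "</a" reaches the parser as markup.
function encodeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample inputs (benign styling only).
const SAMPLES = [
  'plain text, 1 < 2',
  '<b>bold</b>',
  '</a style="color:red">',
  '</p>',
];

// Report, per sample, what the blocklist decides, whether the detector
// fires, and the encoded form that is safe to emit into HTML text.
function audit(samples) {
  return samples.map((s) => ({
    input: s,
    passesBlocklist: passesBlocklist(s),
    attributedClosingTag: hasAttributedClosingTag(s),
    encoded: encodeHtml(s),
  }));
}

for (const row of audit(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

The third sample is the gap: the blocklist accepts it because "<" is followed by "/" rather than a letter, while the detector flags it and the encoder neutralises it.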

