Enter these into form fields, save them in the database using the CMS, add them to the querystring on the URL. Make sure you have the javascript debugger turned on and check for errors.
<script>alert('hi')</script>
"jeremy" and mike's & “curly” chars
?>'"><script>alert(86078)</script>
Here's another chestnut worth testing for when entering stuff in forms and the content is to be written to the page at a later time..
<!--
That is an html opening tag for a comment so every thing after that will not be written to the page until a --> (comment closing tag) is encountered.
Leave a Comment
Comments