JavaScript Beispiel, wie man aus einem String ausbrechen kann.

Fuck XSS

<!DOCTYPE html>
<html>
  <head>
    <title>Fuck XSS</title>
  </head>
  <body style="background-color:red;">
    <script>
      var test = '--></title></script></iframe></style></textarea></span><svg/onload=alert(String.fromCharCode(49))>';
      alert(test);
      document.getElementsByTagName("body")[0].style.backgroundColor = "green"; 
    </script>
  </body>
</html>