tfountain/gist:2967375

## gistfile1.phtml
<html>
<head>
<title>Test</title>
</head>

<body>

<form method="get" action="">
<?php
$data = "' onmouseover='alert(document.cookie);' foo=' ";

echo "<input type='hidden' value='" . htmlspecialchars($data) . "' />\n";
?>

</form>

</body>
</html>
	<html>
	<head>
	<title>Test</title>
	</head>

	<body>

	<form method="get" action="">
	<?php
	$data = "' onmouseover='alert(document.cookie);' foo=' ";

	echo "<input type='hidden' value='" . htmlspecialchars($data) . "' />\n";
	?>

	</form>

	</body>
	</html>