New XSS vector

Yes a XSS post again. I'm sorry :)

I've been having fun testing some really good filters (some of the best in the business IMO). I found a vector that isn't on rsnake's cheat sheet. Check it out:-

Only works on IE

<pre lang="html"> &lt;isindex type=image src=1 onerror=alert(1)&gt; </pre>

Because IE treats the isindex element (a very old html element) as a input tag you can specify the same attributes and execute javascript.

Update...

Found another variation which is pretty cool:-

<pre lang="html"> &lt;isindex action=javascript:alert(1) type=image&gt; </pre>