I'm writing a blog article about script injection into the miva merchant environment we use at my work. I remember seeing a list of script injection strings somewhere. I think it was from an htmlpurifier thread. Ambush Commander, do you know what I'm talking about?
EDIT: Found it!
http://ha.ckers.org/xss.html
Thanks anyway guys!
