The cross-site scripting vulnerability has not been fixed in the comment function.
Test 1: Embedded
You may be trying to filter certain keywords such as removing the word
script. This is not how you should try to fix a XSS vulnerability. Please review the Defense section of the lesson and try again.
Test 2: HTML Element Parser
You may be trying to filter or user regular expressions such as accounting for a specific element. We want to account for all elements. Please review the Defense section of the lesson and try again.