In-built XSSAuditor in Google Chrome does not protect us always!

Read: http://blog.elevenpaths.com/2014/01/how-to-bypass-antixss-filter-in-chrome.html
(Spanish Security Company elevenpaths dot com article)

ScriptSafe in Google Chrome protected me here:

Other abuse for Google Chrome’s XSSAuditor: http://homakov.blogspot.nl/2013/02/hacking-with-xss-auditor.html
Subtle manipulation: http://homakov.blogspot.nl/2012/07/saferweb-most-common-oauth2.html

Do not trust anything to be secure, test and check…

polonus