Anurag Agarwal from AttackLabs.com, has created a web-based XSS filter - written in Java - to test against all the possible attacks mentioned in the RSnake's XSS cheat sheet.
According to information provided by Anurag, Watchfire's AppScan was not able to detect any XSS attacks from the cheat sheet. He requests the application security community to voluntarily help and test his XSS filter. Furthermore, he is "90% sure that you wont be able to perform any XSS attack on it, the rest 10% i will find out after the feedback from the community". If you are able to perform successfully an XSS attack, you can send Anurag an e-mail with your name, browser used and the XSS attack string.
