XSS Is Still Tricky

08 Mar 2013

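The page below triggers the alert in Safari, Firefox, Chrome, and Opera. The HTML parser ends the script element at the first </script> it finds, even when that sequence sits inside a JavaScript string literal.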

    <!DOCTYPE html>
    <head>
    <title>Oh no!</title>
    <script type="text/javascript">
        var xss = "</script><script>alert('XSS');</script>";
    </script>
    </head>
    <body>
    <p>And you thought parsers were smart.</p>
    </body>
    </html>
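
The defensive counterpart, as an added example that is not part of the original post: when a server writes untrusted data into an inline script like the `xss` assignment above, it can serialize the value so the HTML parser never sees a literal `</script>`. The names `escapeForInlineScript` and `renderPage` are hypothetical, and the sample input is the string from the page above.

```javascript
// Added example (not from the original post). escapeForInlineScript and
// renderPage are hypothetical helper names chosen for this illustration.

// Characters that matter to the HTML tokenizer, or that older JavaScript
// engines treat as line terminators, mapped to equivalent \uXXXX escapes.
const ESCAPES = {
  "<": "\\u003c",
  ">": "\\u003e",
  "&": "\\u0026",
  "\u2028": "\\u2028",
  "\u2029": "\\u2029",
};

function escapeForInlineScript(value) {
  // JSON.stringify takes care of quotes, backslashes and control characters.
  const json = JSON.stringify(value);
  if (json === undefined) {
    throw new TypeError("value is not JSON-serializable");
  }
  // Inside a JS string literal \u003c still means "<", but the HTML parser
  // no longer finds "</script" or "<!--" in the page source.
  return json.replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

function renderPage(untrusted) {
  // Same head section as the page above, with the value escaped.
  return [
    "<!DOCTYPE html>",
    "<head>",
    "<title>Oh no!</title>",
    '<script type="text/javascript">',
    "    var xss = " + escapeForInlineScript(untrusted) + ";",
    "</script>",
    "</head>",
  ].join("\n");
}

// Constructed sample input: the string used in the page above.
const payload = "</script><script>alert('XSS');</script>";
const literal = escapeForInlineScript(payload);
const page = renderPage(payload);

console.log(literal);
```

The escaped literal decodes back to the original string at run time, so application code that reads `xss` sees the same value.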