Browser based tool for website XSS testing
Anleitung, wie man in php utf7-strings zur filter evasion erzeugt
Explanation, why Google was vulnerable against UTF-7 encoding
Proposal for an extension of http/HTML to migiate XSS threats
Microsoft ASP.NET version 2 also fights cross-site request forgeries with a MAC'ed token: