Here is a really strange bug that appears to be fixed in the latest web browser versions.
Some browsers will actually render <script> tags inside of <link>, <a href>, <div>, <img>, and possibly many other tags. See some examples on my test page. If you are running a vulnerable browser, some alert boxes will pop up. If you are running a browser where the bug has been fixed, then you won't really see much except some broken HTML code. Make sure to view the source of the page to see how the test site was set up.
Update 9/22/2011: I noticed that many mobile browsers are vulnerable to this bug, including iOS and Android Browser.
Can you trust your web browser? Many web browsers have bugs that cause them to render some characters from different character sets incorrectly. The following pages demonstrate these bugs by example, showing how <script> tags might be inserted even if the "<" and ">" are properly filtered by the web server. Despite what your browser may display on the following pages, none of the linked pages are
| Encoding Type | Vulnerable Browsers | Vulnerable Character | Unicode Graphic | Comments |
|---|---|---|---|---|
| UTF-7 | IE6, IE7, IE8, Firefox < 4 | | | Nothing crazy here, just normal UTF-7 encoding |
| X-IMAP4-MODIFIED-UTF7 | Firefox < 4 | | | Nothing crazy here, but a strange character set nonetheless |
| X-MAC-FARSI | Firefox < 3.6.13 | [\xBC] | ☼☽☾ | Variable Width Characters are improperly decoded |
| X-MAC-ARABIC | Firefox < 3.6.13 | [\xBC] | ټ | Variable Width Characters are improperly decoded |
| X-MAC-HEBREW | Firefox < 3.6.13 | [\xBC] | ּל | Variable Width Characters are improperly decoded |
| Shift_JIS | IE6*, IE7*, Firefox, Opera | [\x81] | ? | Multi-Byte Character indicator clobbers the double-quote |
| UTF-8 | IE6, Opera < 11.0 | [\xC0] | À, ﾀ | Multi-Byte Character indicator clobbers the double-quote |
| US-ASCII | IE6, IE7 | [\xBC] | ¼, ｼ | Incorrectly reads an 8-bit character |

*IE is affected when the Japanese language packs are installed
Tip: If you still don't "get" what's going on here, check out some of these vectors in a WebKit browser like Safari or Chrome.
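
A server-side check for the Shift_JIS, UTF-8 and US-ASCII rows above, as an added example that is not from the original page or its test site: it strictly decodes input in the charset the response declares and rejects the stray bytes that a filter looking only for "<", ">" and the double quote lets through. The function names and sample inputs are constructed for illustration.

```python
import html

# Constructed samples: the table's "vulnerable character" byte at the end of a
# value that a template would place directly before a closing double quote.
SAMPLES = {
    "shift_jis": b"abc\x81",
    "utf-8": b"abc\xc0",
    "us-ascii": b"abc\xbc",
}


class MalformedInput(ValueError):
    """Input is not valid text in the charset the response declares."""


def naive_byte_filter(raw: bytes) -> bytes:
    # Escapes only the ASCII metacharacters; a stray lead byte or 8-bit byte
    # passes through unchanged.
    for ch, ent in ((b"&", b"&amp;"), (b"<", b"&lt;"), (b">", b"&gt;"), (b'"', b"&quot;")):
        raw = raw.replace(ch, ent)
    return raw


def sanitize_attr(raw: bytes, charset: str) -> bytes:
    # Decode strictly in the declared charset so truncated or invalid
    # multi-byte sequences are rejected instead of reaching the browser.
    try:
        text = raw.decode(charset, errors="strict")
    except UnicodeDecodeError as exc:
        raise MalformedInput(
            f"byte 0x{raw[exc.start]:02X} at offset {exc.start} is not valid {charset}"
        ) from exc
    # Escape the decoded text, then re-encode in the same charset.
    return html.escape(text, quote=True).encode(charset)


def is_rejected(raw: bytes, charset: str) -> bool:
    try:
        sanitize_attr(raw, charset)
    except MalformedInput:
        return True
    return False


if __name__ == "__main__":
    for charset, raw in SAMPLES.items():
        print(charset, naive_byte_filter(raw), "rejected:", is_rejected(raw, charset))
```

The check only helps if the response also declares that same charset explicitly, so the browser decodes with the encoding the server validated against.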