Rofl, nothing can bypass chrome with 1 get variable under "normal circumstances" as with any filter nowadays (IE,noscript,chrome). Anyway it's another method, not public. That vector will be used to solve my level 2 xss challenge i posted . So i can't do it "write".