Here is the code for displaying messages. Your goal is to perform an XSS injection with alert(1) (Note: exactly alert(1), not alert('1'), not alert('taco'), not anything else) on this page.

  if(isset($_POST['message']) and isset($_POST['title'])){
    $title = strip_tags($_POST['title']);
    $message = strip_tags($_POST['message']);
    $user = strip_tags($_SESSION['username']);
    echo "<div style='border:solid silver 2px; width:400px;' title='$title'>Message by $user: $message</div>";
Note: This challenge has a hard-coded set of accepted answers.

You must be logged in order to submit an answer.

Challenge by ynori7.