The attacker bypasses web application filtering by using alternate
						character encoding in order to execute a cross-site scripting (XSS) attack.
						The attacker may use alternate encoding schemes such as URI or Unicode
						character encodings. As long as the comparison between the string containing
						the alternate encoded character(s) and the target string is done before the
						input is fully normalized the comparison may fail to detect prohibited
						commands. Once filters are bypassed, the attack proceeds as a normal XSS
						attack, potentially resulting in the loss of sensitive cookies or other
						actions.