The attacker bypasses input validation by using doubled characters in
						order to perform a cross-site scripting attack. Some filters fail to
						recognize dangerous sequences if they are preceded by repeated characters.
						For example, by doubling the < before a script command,
						(<<script or %3C%3script using URI encoding) the filters of
						some web applications may fail to recognize the presence of a script tag. If
						the targeted server is vulnerable to this type of bypass, the attacker can
						create a crafted URL or other trap to cause a victim to view a page on the
						targeted server where the malicious content is executed, as per a normal XSS
						attack.