Texts/codes to test for XSS attacks in my software/website

Question

Firstly, I do not have any malicious intent out of this question. I would like to know what text to copy paste and test in my text areas and text boxes to see if they are stripped correctly.

Currently I use something as limited as:

<script>
alert('xss');
</script>
<a href="www.test.com" onclick="javascript:alert('xss');">test</a>
<img src="http://localhost/logo.gif" onclick="alert('xss');">

Can someone provide or suggest a comprehensive list of tests to check if my site is XSS-proof.

Thank you for your time.

Answer 1

Parse all the <code> tags from http://ha.ckers.org/xssAttacks.xml.