Wow, 249 added. And a friendly mix of script injection, iframes, css, and image tags (had to disable the inline script tags because the redirects made people unable to see the data). Someone even changed the background image of the Webshell.IO interface itself.

It might be a good idea for the webshell guys to add some basic xss protection, but otherwise, I think we've proven this is a neat idea.