There are too many XSS challenges so I call this one XSS puzzle ;)
XSS here and check source code.
Rules:
- Execute alert(1) in this origin (data:text/html won't help)
- XSS in the latest version of any browser. Browser-specific solutions are accepted
- There is an expected solution
- It has nothing to do with PHP tricks or server-side magic. You can grab the code and play locally
Send your solution to filedescriptor@gmail.com of @filedescriptor or @mramydnei if you solved it, and your name will be put here.
Solvers:
- Masato Kinugawa (@kinugawamasato) - came up with an approach which is very similar to the expected solution (IE only)
- Oren Hafif (@OrenHafif) - also came up with an approach similar to Masato's (IE only)
- Team Mario Heiderich (@0x6D6172696F) and Rafay Baloch (@rafaybaloch) - solved the puzzle using the expected solution (IE only)
- Alex Inführ (@insertScript) - was able to figure out the expected solution as well (IE only)
- Haru Sugiyama (@harupuxa) - just wow... Although Haru sent his solution after the challenge was over, the solution is just incredible and one that we didn't expect (IE only)
Updated (23/8): Since two weeks have passed and there are still no solvers, I've decided to give some hints:
- The expected solution works in IE only
- You need to bypass htmlspecialchars. I mean not the obvious single quote (') but the less-than sign (<) and greater-than sign (>)
- In order to achieve hint number 2, you may need to abuse a browser's feature
- Let's see if the above hints are enough...