Autocomplete Test: Script Injection Attacks
This tests the security of the Autocomplete control. It has a few numbered options for different tests. Some html is raw and some is escaped. Test multiple browsers. IE Edge and FireFox have trouble with svg onload even when html is escaped.
Some tests involve mousing over the word "THIS". Others test protection against the svg onload attack. If an alert box pops up, then there is a security vulnerability.