diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02741.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02741.java
new file mode 100644
index 0000000000..30885f58a3
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02741.java
@@ -0,0 +1,54 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ * <p>This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see <a
+ * href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+ *
+ * <p>The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * <p>The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/xss-00/BenchmarkTest02741")
+public class BenchmarkTest02741 extends SanitizingHttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        response.setHeader("X-XSS-Protection", "0");
+
+        String param = request.getParameter("email");
+        if (param == null) param = "";
+        String sanitizeParam = sanitizeAttribute(param);
+
+        String htmlResponse = "<html>";
+        htmlResponse +=
+                "<head></head><body><div class=\"col-sm-4\">\n"
+                        + " <input type=\"password\" class=\"form-control\" id=\"password\" placeholder=\"Password\""
+                        + " name='password' th:value='"
+                        + sanitizeParam
+                        + "'/>"
+                        + " </div></body>";
+        htmlResponse += "</html>";
+
+        response.getWriter().println(htmlResponse);
+    }
+}
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02741.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02741.xml
new file mode 100644
index 0000000000..8dae3f1b37
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02741.xml
@@ -0,0 +1,7 @@
+<test-metadata>
+    <benchmark-version>1.2</benchmark-version>
+    <category>xss</category>
+    <test-number>02741</test-number>
+    <vulnerability>false</vulnerability>
+    <cwe>79</cwe>
+</test-metadata>
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02742.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02742.java
new file mode 100644
index 0000000000..1b0dc83561
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02742.java
@@ -0,0 +1,53 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ * <p>This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see <a
+ * href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+ *
+ * <p>The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * <p>The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/xss-00/BenchmarkTest02742")
+public class BenchmarkTest02742 extends SanitizingHttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        response.setHeader("X-XSS-Protection", "0");
+
+        String param = request.getParameter("email");
+        if (param == null) param = "";
+        String sanitizeParam = sanitizeTag(param);
+
+        String htmlResponse = "<html>";
+        htmlResponse +=
+                "<head></head><body><div class=\"col-sm-4\">\n"
+                        + " <input type=\"password\" class=\"form-control\" id=\"password\" placeholder=\"Password\""
+                        + " name='password' th:value='"
+                        + sanitizeParam
+                        + "'/>"
+                        + " </div></body>";
+        htmlResponse += "</html>";
+
+        response.getWriter().println(htmlResponse);
+    }
+}
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02742.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02742.xml
new file mode 100644
index 0000000000..7b26c50b83
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02742.xml
@@ -0,0 +1,7 @@
+<test-metadata>
+    <benchmark-version>1.2</benchmark-version>
+    <category>xss</category>
+    <test-number>02742</test-number>
+    <vulnerability>true</vulnerability>
+    <cwe>79</cwe>
+</test-metadata>
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02743.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02743.java
new file mode 100644
index 0000000000..f3b452bf0c
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02743.java
@@ -0,0 +1,40 @@
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/xss-00/BenchmarkTest02743")
+public class BenchmarkTest02743 extends SanitizingHttpServlet {
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        response.setHeader("X-XSS-Protection", "0");
+
+        String param = request.getParameter("email");
+        if (param == null) param = "";
+        Pattern p =
+                Pattern.compile(
+                        "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$", Pattern.CASE_INSENSITIVE);
+        Matcher m = p.matcher(param);
+        boolean b = m.find();
+        String sanitizeParam = newSanitizedValue(param);
+
+        String htmlRespone = "<html><head></head><body><script>";
+        if (param != null && param.trim().length() != 0 && b) {
+
+            htmlRespone += "alert(\"Our reply will be sent to your email: " + sanitizeParam + "\")";
+        } else {
+            htmlRespone += "alert(\"the provided email is not correct: " + sanitizeParam + "\")";
+        }
+        htmlRespone += "</script></body></html>";
+        response.getWriter().println(htmlRespone);
+    }
+}
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02743.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02743.xml
new file mode 100644
index 0000000000..ab16fdfbc7
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02743.xml
@@ -0,0 +1,7 @@
+<test-metadata>
+    <benchmark-version>1.2</benchmark-version>
+    <category>xss</category>
+    <test-number>02743</test-number>
+    <vulnerability>true</vulnerability>
+    <cwe>79</cwe>
+</test-metadata>
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02744.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02744.java
new file mode 100644
index 0000000000..b295b2dcd8
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02744.java
@@ -0,0 +1,38 @@
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/xss-00/BenchmarkTest02744")
+public class BenchmarkTest02744 extends SanitizingHttpServlet {
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        response.setHeader("X-XSS-Protection", "0");
+        String param = request.getParameter("email");
+        if (param == null) param = "";
+        Pattern p =
+                Pattern.compile(
+                        "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$", Pattern.CASE_INSENSITIVE);
+        Matcher m = p.matcher(param);
+        boolean b = m.find();
+        String sanitizeParam = newSanitizedValue(param);
+
+        String htmlRespone = "<html><head></head><body><p>";
+        if (param != null && param.trim().length() != 0 && b) {
+            htmlRespone += "Our reply will be sent to your email: " + sanitizeParam;
+        } else {
+            htmlRespone += "the provided email is not correct: " + sanitizeParam;
+        }
+        htmlRespone += "</p></body></html>";
+        response.getWriter().println(htmlRespone);
+    }
+}
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02744.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02744.xml
new file mode 100644
index 0000000000..fc113cc247
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02744.xml
@@ -0,0 +1,7 @@
+<test-metadata>
+    <benchmark-version>1.2</benchmark-version>
+    <category>xss</category>
+    <test-number>02744</test-number>
+    <vulnerability>false</vulnerability>
+    <cwe>79</cwe>
+</test-metadata>
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02745.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02745.java
new file mode 100644
index 0000000000..23cb6aa285
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02745.java
@@ -0,0 +1,47 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ * <p>This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see <a
+ * href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+ *
+ * <p>The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * <p>The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/xss-00/BenchmarkTest02745")
+public class BenchmarkTest02745 extends SanitizingHttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        response.setHeader("X-XSS-Protection", "0");
+
+        String param = request.getParameter("email");
+        if (param == null) param = "";
+        String sanitizeParam = sanitizeAttribute(param);
+
+        String htmlResponse = "<html>";
+        htmlResponse += "<head></head><body>" + sanitizeParam + "</body>";
+        htmlResponse += "</html>";
+
+        response.getWriter().println(htmlResponse);
+    }
+}
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02745.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02745.xml
new file mode 100644
index 0000000000..30e6c34ad1
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02745.xml
@@ -0,0 +1,7 @@
+<test-metadata>
+    <benchmark-version>1.2</benchmark-version>
+    <category>xss</category>
+    <test-number>02745</test-number>
+    <vulnerability>true</vulnerability>
+    <cwe>79</cwe>
+</test-metadata>
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02746.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02746.java
new file mode 100644
index 0000000000..c271cfc6aa
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02746.java
@@ -0,0 +1,47 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ * <p>This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see <a
+ * href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+ *
+ * <p>The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * <p>The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(value = "/xss-00/BenchmarkTest02746")
+public class BenchmarkTest02746 extends SanitizingHttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doPost(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        response.setContentType("text/html;charset=UTF-8");
+        response.setHeader("X-XSS-Protection", "0");
+
+        String param = request.getParameter("email");
+        if (param == null) param = "";
+        String sanitizeParam = sanitizeTag(param);
+
+        String htmlResponse = "<html>";
+        htmlResponse += "<head></head><body>" + sanitizeParam + "</body>";
+        htmlResponse += "</html>";
+
+        response.getWriter().println(htmlResponse);
+    }
+}
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02746.xml b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02746.xml
new file mode 100644
index 0000000000..56daff28eb
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02746.xml
@@ -0,0 +1,7 @@
+<test-metadata>
+    <benchmark-version>1.2</benchmark-version>
+    <category>xss</category>
+    <test-number>02746</test-number>
+    <vulnerability>false</vulnerability>
+    <cwe>79</cwe>
+</test-metadata>
\ No newline at end of file
diff --git a/src/main/java/org/owasp/benchmark/testcode/Intermediate.java b/src/main/java/org/owasp/benchmark/testcode/Intermediate.java
new file mode 100644
index 0000000000..cffa7e7d5b
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/Intermediate.java
@@ -0,0 +1,56 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ * <p>This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see <a
+ * href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+ *
+ * <p>The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * <p>The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class Intermediate extends HttpServlet {
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        doPost(request, response);
+    }
+
+    protected String sanitizeAttribute(String parameter) {
+        String parameter1 = parameter;
+        parameter1 = parameter1.replaceAll("'", "&#39;");
+        parameter1 = parameter1.replaceAll("\"", "&quot;");
+        parameter1 = parameter1.replaceAll("&", "&amp;");
+        return parameter1;
+    }
+
+    protected String sanitizeTag(String parameter) {
+        String parameter1 = parameter;
+        parameter1 = parameter1.replaceAll("&", "&amp;");
+        parameter1 = parameter1.replaceAll("<", "\\u003C");
+        parameter1 = parameter1.replaceAll(">", "\\u003E");
+        return parameter1;
+    }
+
+    protected String newSanitizedValue(String parameter) {
+        parameter = parameter.replaceAll("&", "&amp;");
+        parameter = parameter.replaceAll("<", "&lt;");
+        parameter = parameter.replaceAll(">", "&gt;");
+        return parameter;
+    }
+}
diff --git a/src/main/java/org/owasp/benchmark/testcode/SanitizingHttpServlet.java b/src/main/java/org/owasp/benchmark/testcode/SanitizingHttpServlet.java
new file mode 100644
index 0000000000..ac27352d4c
--- /dev/null
+++ b/src/main/java/org/owasp/benchmark/testcode/SanitizingHttpServlet.java
@@ -0,0 +1,56 @@
+/**
+ * OWASP Benchmark Project v1.2
+ *
+ * <p>This file is part of the Open Web Application Security Project (OWASP) Benchmark Project. For
+ * details, please see <a
+ * href="https://owasp.org/www-project-benchmark/">https://owasp.org/www-project-benchmark/</a>.
+ *
+ * <p>The OWASP Benchmark is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation, version 2.
+ *
+ * <p>The OWASP Benchmark is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * @author Nick Sanidas
+ * @created 2015
+ */
+package org.owasp.benchmark.testcode;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class SanitizingHttpServlet extends HttpServlet {
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+        doPost(request, response);
+    }
+
+    protected String sanitizeAttribute(String parameter) {
+        String parameter1 = parameter;
+        parameter1 = parameter1.replaceAll("'", "&#39;");
+        parameter1 = parameter1.replaceAll("\"", "&quot;");
+        parameter1 = parameter1.replaceAll("&", "&amp;");
+        return parameter1;
+    }
+
+    protected String sanitizeTag(String parameter) {
+        String parameter1 = parameter;
+        parameter1 = parameter1.replaceAll("&", "&amp;");
+        parameter1 = parameter1.replaceAll("<", "\\u003C");
+        parameter1 = parameter1.replaceAll(">", "\\u003E");
+        return parameter1;
+    }
+
+    protected String newSanitizedValue(String parameter) {
+        parameter = parameter.replaceAll("&", "&amp;");
+        parameter = parameter.replaceAll("<", "&lt;");
+        parameter = parameter.replaceAll(">", "&gt;");
+        return parameter;
+    }
+}
diff --git a/src/main/webapp/xss-00/BenchmarkTest02741.html b/src/main/webapp/xss-00/BenchmarkTest02741.html
new file mode 100644
index 0000000000..32a11425d1
--- /dev/null
+++ b/src/main/webapp/xss-00/BenchmarkTest02741.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<script src="/benchmark/js/jquery.min.js" type="text/javascript"></script>
+<script type="text/javascript" src="/benchmark/js/js.cookie.js"></script>
+<title>BenchmarkTest02741</title>
+</head>
+<body>
+    <form action="/benchmark/xss-00/BenchmarkTest02741" method="POST" id="FormBenchmarkTest02741">
+        <div>
+            <label>Please enter your details:</label>
+        </div>
+        <br />
+        <div>
+            <label>Email:</label>
+        </div>
+        <div>
+            <input type="text" id="email" name="email"></input>
+        </div>
+        <div>
+            <label>Name:</label>
+        </div>
+        <div>
+            <input type="text" id="name" name="name" value=""></input>
+        </div>
+        <div>&nbsp;</div>
+        <div>
+            <label>Parameter: BenchmarkTest02741 <BR> Value:
+            </label> <input type="text" id="BenchmarkTest02741" name="BenchmarkTest02741" value="SafeText"></input>
+        </div>
+        <br />
+        <div>
+            <input type="submit" value="Login" />
+        </div>
+    </form>
+</body>
+
+</html>
diff --git a/src/main/webapp/xss-00/BenchmarkTest02742.html b/src/main/webapp/xss-00/BenchmarkTest02742.html
new file mode 100644
index 0000000000..2d637db545
--- /dev/null
+++ b/src/main/webapp/xss-00/BenchmarkTest02742.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<script src="/benchmark/js/jquery.min.js" type="text/javascript"></script>
+<script type="text/javascript" src="/benchmark/js/js.cookie.js"></script>
+<title>BenchmarkTest02742</title>
+</head>
+<body>
+    <form action="/benchmark/xss-00/BenchmarkTest02742" method="POST" id="FormBenchmarkTest02742">
+        <div>
+            <label>Please enter your details:</label>
+        </div>
+        <br />
+        <div>
+            <label>Email:</label>
+        </div>
+        <div>
+            <input type="text" id="email" name="email"></input>
+        </div>
+        <div>
+            <label>Name:</label>
+        </div>
+        <div>
+            <input type="text" id="name" name="name" value=""></input>
+        </div>
+        <div>&nbsp;</div>
+        <div>
+            <label>Parameter: BenchmarkTest02742 <BR> Value:
+            </label> <input type="text" id="BenchmarkTest02742" name="BenchmarkTest02742" value="SafeText"></input>
+        </div>
+        <br />
+        <div>
+            <input type="submit" value="Login" />
+        </div>
+    </form>
+</body>
+
+</html>
diff --git a/src/main/webapp/xss-00/BenchmarkTest02743.html b/src/main/webapp/xss-00/BenchmarkTest02743.html
new file mode 100644
index 0000000000..0dcccbe0d2
--- /dev/null
+++ b/src/main/webapp/xss-00/BenchmarkTest02743.html
@@ -0,0 +1,66 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<script src="/benchmark/js/jquery.min.js" type="text/javascript"></script>
+<script type="text/javascript" src="/benchmark/js/js.cookie.js"></script>
+<title>BenchmarkTest02743</title>
+</head>
+<body>
+    <form action="/benchmark/xss-00/BenchmarkTest02743" method="POST" id="FormBenchmarkTest02743">
+        <div class="fl" style="width: 99%;">
+            <h1>Feedback</h1>
+
+            <p>
+                Our Frequently Asked Questions area will help you with many of your inquiries.<br /> If you can't find your question, return to this page and use the e-mail form below.
+            </p>
+
+            <p>
+                <b>IMPORTANT!</b> This feedback facility is not secure. Please do not send any <br /> account information in a message sent from here.
+            </p>
+
+
+            <div>
+                <label>Please enter your details:</label>
+            </div>
+            <br />
+            <div>
+                <label>Name:</label>
+            </div>
+            <div>
+                <input type="text" id="name" name="name"></input>
+            </div>
+            <div>
+                <label>Email:</label>
+            </div>
+            <div>
+                <input type="text" id="email" name="email"></input>
+            </div>
+            <div>
+                <label>Subject:</label>
+            </div>
+            <div>
+                <input type="text" id="subject" name="subject"></input>
+            </div>
+            <div>
+                <label>Q/A:</label>
+            </div>
+            <div>
+                <input type="text" id="Q/A" name="Q/A" value=""></input>
+            </div>
+            <div>
+                <label>Parameter: BenchmarkTest02743 <BR> Value:
+                </label> <input type="text" id="BenchmarkTest02743" name="BenchmarkTest02743" value="SafeText"></input>
+            </div>
+            <div>
+                <div>
+                    <input type="submit" value="submit" />
+                </div>
+            </div>
+
+        </div>
+    </form>
+</body>
+
+
+</html>
diff --git a/src/main/webapp/xss-00/BenchmarkTest02744.html b/src/main/webapp/xss-00/BenchmarkTest02744.html
new file mode 100644
index 0000000000..83f316f6ec
--- /dev/null
+++ b/src/main/webapp/xss-00/BenchmarkTest02744.html
@@ -0,0 +1,64 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<script src="/benchmark/js/jquery.min.js" type="text/javascript"></script>
+<script type="text/javascript" src="/benchmark/js/js.cookie.js"></script>
+<title>BenchmarkTest02744</title>
+</head>
+<body>
+    <form action="/benchmark/xss-00/BenchmarkTest02744" method="POST" id="FormBenchmarkTest02744">
+        <div class="fl" style="width: 99%;">
+            <h1>Feedback</h1>
+
+            <p>
+                Our Frequently Asked Questions area will help you with many of your inquiries.<br /> If you can't find your question, return to this page and use the e-mail form below.
+            </p>
+
+            <p>
+                <b>IMPORTANT!</b> This feedback facility is not secure. Please do not send any <br /> account information in a message sent from here.
+            </p>
+
+
+            <div>
+                <label>Please enter your details:</label>
+            </div>
+            <br />
+            <div>
+                <label>Name:</label>
+            </div>
+            <div>
+                <input type="text" id="name" name="name"></input>
+            </div>
+            <div>
+                <label>Email:</label>
+            </div>
+            <div>
+                <input type="text" id="email" name="email"></input>
+            </div>
+            <div>
+                <label>Subject:</label>
+            </div>
+            <div>
+                <input type="text" id="subject" name="subject"></input>
+            </div>
+            <div>
+                <label>Q/A:</label>
+            </div>
+            <div>
+                <input type="text" id="Q/A" name="Q/A" value=""></input>
+            </div>
+            <div>
+                <label>Parameter: BenchmarkTest02744 <BR> Value:
+                </label> <input type="text" id="BenchmarkTest02744" name="BenchmarkTest02744" value="SafeText"></input>
+            </div>
+            <div>
+                <div>
+                    <input type="submit" value="submit" />
+                </div>
+            </div>
+
+        </div>
+    </form>
+</body>
+</html>
diff --git a/src/main/webapp/xss-00/BenchmarkTest02745.html b/src/main/webapp/xss-00/BenchmarkTest02745.html
new file mode 100644
index 0000000000..5c43606da0
--- /dev/null
+++ b/src/main/webapp/xss-00/BenchmarkTest02745.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<script src="/benchmark/js/jquery.min.js" type="text/javascript"></script>
+<script type="text/javascript" src="/benchmark/js/js.cookie.js"></script>
+<title>BenchmarkTest02745</title>
+</head>
+<body>
+    <form action="/benchmark/xss-00/BenchmarkTest02745" method="POST" id="FormBenchmarkTest02745">
+        <div>
+            <label>Please enter your details:</label>
+        </div>
+        <br />
+        <div>
+            <label>Email:</label>
+        </div>
+        <div>
+            <input type="text" id="email" name="email"></input>
+        </div>
+        <div>
+            <label>Name:</label>
+        </div>
+        <div>
+            <input type="text" id="name" name="name" value=""></input>
+        </div>
+        <div>&nbsp;</div>
+        <div>
+            <label>Parameter: BenchmarkTest02745 <BR> Value:
+            </label> <input type="text" id="BenchmarkTest02745" name="BenchmarkTest02745" value="SafeText"></input>
+        </div>
+        <br />
+        <div>
+            <input type="submit" value="Login" />
+        </div>
+    </form>
+</body>
+
+</html>
diff --git a/src/main/webapp/xss-00/BenchmarkTest02746.html b/src/main/webapp/xss-00/BenchmarkTest02746.html
new file mode 100644
index 0000000000..b3950791b0
--- /dev/null
+++ b/src/main/webapp/xss-00/BenchmarkTest02746.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<script src="/benchmark/js/jquery.min.js" type="text/javascript"></script>
+<script type="text/javascript" src="/benchmark/js/js.cookie.js"></script>
+<title>BenchmarkTest02746</title>
+</head>
+<body>
+    <form action="/benchmark/xss-00/BenchmarkTest02746" method="POST" id="FormBenchmarkTest02746">
+        <div>
+            <label>Please enter your details:</label>
+        </div>
+        <br />
+        <div>
+            <label>Email:</label>
+        </div>
+        <div>
+            <input type="text" id="email" name="email"></input>
+        </div>
+        <div>
+            <label>Name:</label>
+        </div>
+        <div>
+            <input type="text" id="name" name="name" value=""></input>
+        </div>
+        <div>&nbsp;</div>
+        <div>
+            <label>Parameter: BenchmarkTest02746 <BR> Value:
+            </label> <input type="text" id="BenchmarkTest02746" name="BenchmarkTest02746" value="SafeText"></input>
+        </div>
+        <br />
+        <div>
+            <input type="submit" value="Login" />
+        </div>
+    </form>
+</body>
+
+</html>
diff --git a/src/main/webapp/xss-Index.html b/src/main/webapp/xss-Index.html
index 08dd9edb48..62f1a79595 100644
--- a/src/main/webapp/xss-Index.html
+++ b/src/main/webapp/xss-Index.html
@@ -480,6 +480,20 @@ <h1>OWASP Benchmark XSS (Cross-Site Scripting) Test Case Index</h1>
                         <li><a href='xss-05/BenchmarkTest02695.html?BenchmarkTest02695=SafeText'>BenchmarkTest02695</a></li>
                         <li><a href='xss-05/BenchmarkTest02696.html?BenchmarkTest02696=SafeText'>BenchmarkTest02696</a></li>
                         <li><a href='xss-05/BenchmarkTest02712.html?BenchmarkTest02712=SafeText'>BenchmarkTest02712</a></li>
+                        <li><a href='xss-00/BenchmarkTest02741.html?BenchmarkTest02741=SafeText'>BenchmarkTest02741</a></li>
+
+                        <li><a href='xss-00/BenchmarkTest02742.html?BenchmarkTest02742=SafeText'>BenchmarkTest02742</a></li>
+
+                        <li><a href='xss-00/BenchmarkTest02743.html?BenchmarkTest02743=SafeText'>BenchmarkTest02743</a></li>
+
+                        <li><a href='xss-00/BenchmarkTest02744.html?BenchmarkTest02744=SafeText'>BenchmarkTest02744</a></li>
+
+
+                        <li><a href='xss-00/BenchmarkTest02745.html?BenchmarkTest02745=SafeText'>BenchmarkTest02745</a></li>
+
+                        <li><a href='xss-00/BenchmarkTest02746.html?BenchmarkTest02746=SafeText'>BenchmarkTest02746</a></li>
+
+
                     </ul>
                 </div>
             </div>