CRV2 RevCodeXSS

Where can XSS occur??

HTML Body Context UNTRUSTED DATA  HTML Attribute Context  attack: "> /* bad stuff */

HTTP GET Parameter Context clickme attack: " onclick="/* bad stuff */"

URL Context clickme  attack: javascript:/* BAD STUFF */