I’ve been hacking the PHPIDS recently and I wanted a pure XSS vector, not just script execution. I decided to experiment with the applet tag because it sneaks past the malicious tag detection. I thought to myself, I wonder if it accepts the type attribute like the object tag does….
<applet src="data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTLyk8L3NjcmlwdD4" type=text/html>
That works: it executes the base64-encoded string as HTML! It doesn’t stop there, though:
<applet src="http://www.businessinfo.co.uk" type=text/html>
The applet tag even acts like an iframe.
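For filter authors, the gap described above can be checked for directly. The following is an added example, not code from the original post or from PHPIDS: a small auditor that treats applet like the other document-embedding tags, flags an HTML type hint, and decodes data: URIs before inspecting them. The tag and attribute sets and all function names are assumptions of this example.

```python
import base64
import re
from html.parser import HTMLParser

# Tags that can load another document (this example's assumption, not PHPIDS rules).
EMBEDDING_TAGS = {"applet", "object", "embed", "iframe", "frame"}
URL_ATTRS = {"src", "data", "code", "codebase", "archive"}
# Sample: the post's first vector, with a space kept inside the base64 body.
SAMPLE = ('<applet src="data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTLyk8L3N '
          'jcmlwdD4" type=text/html>')

def decode_data_uri(value):
    """Return the decoded body of a data: URI, or None for other URLs."""
    m = re.match(r"\s*data:([^,]*),(.*)", value, re.I | re.S)
    if not m:
        return None
    if "base64" not in m.group(1).lower():
        return m.group(2)
    body = re.sub(r"\s+", "", m.group(2))   # ignore embedded whitespace
    body += "=" * (-len(body) % 4)          # tolerate stripped padding
    try:
        return base64.b64decode(body).decode("utf-8", "replace")
    except ValueError:
        return ""

class EmbedAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag not in EMBEDDING_TAGS:
            return
        attrs = {k: (v or "") for k, v in attrs}
        reasons = ["embedding tag <%s>" % tag]
        if "html" in attrs.get("type", "").lower():
            reasons.append("type requests HTML rendering")
        for name in sorted(URL_ATTRS.intersection(attrs)):
            decoded = decode_data_uri(attrs[name])
            if decoded is not None:
                reasons.append("%s is a data: URI" % name)
                if re.search(r"<\s*script|\bon\w+\s*=", decoded, re.I):
                    reasons.append("decoded payload contains script")
        self.findings.append((tag, reasons))

def audit(markup):
    parser = EmbedAuditor()
    parser.feed(markup)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE)` returns one finding for the applet element with four reasons, while the second vector from the post (a plain http URL) is still reported because of the tag and the type hint alone.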