Made for myself an interesting discovery, it turns out to be a line
<\0b>text</b> - where \ 0 is a character with code 0 ')
IE interprets as a normal bold tag with all the consequences, the same goes for the <script> <style> tags and others.
This in turn means that deleting potentially dangerous elements using str_replace, preg_replace (PHP), s / <script /.../ i (Perl, sed) and other replace () functions for other languages will not give the desired results.
The same applies to filtering by white lists, which simply may not count the sequence <\0b>text</b> tag.
Fortunately, Firefox, Opera and Safari do not think so. Developers, be careful when filtering user data!