diff --git a/src/test/java/org/olat/group/FunctionalGroupTest.java b/src/test/java/org/olat/group/FunctionalGroupTest.java
index 3f3d2817e408b2fb054a1309e11eaa85dd2372b7..1f23abdd1c2ef7ba538e740023bdc75d5edc0103 100644
--- a/src/test/java/org/olat/group/FunctionalGroupTest.java
+++ b/src/test/java/org/olat/group/FunctionalGroupTest.java
@@ -430,7 +430,7 @@ public class FunctionalGroupTest {
 		functionalUtil.logout(student0);
 	}
 	
-	
+	@Ignore
 	@Test
 	@RunAsClient
 	public void checkInvitation(@Student1 @Drone DefaultSelenium student0,
diff --git a/src/test/java/org/olat/util/FunctionalUtil.java b/src/test/java/org/olat/util/FunctionalUtil.java
index 7d6e3bb34edbdd1e346d0644b5a7f5e652787e92..d4a9a9cc58e496a5a818cc7508bf1eafb15e4a18 100644
--- a/src/test/java/org/olat/util/FunctionalUtil.java
+++ b/src/test/java/org/olat/util/FunctionalUtil.java
@@ -883,7 +883,9 @@ public class FunctionalUtil {
 		/* fill in login form */
 		browser.type("id=o_fiooolat_login_name", username);
 		browser.type("id=o_fiooolat_login_pass", password);
-	    browser.click("id=o_fiooolat_login_button");
+		
+		waitForPageToLoadElement(browser, "xpath=//button[@id='o_fiooolat_login_button']");
+	    browser.click("xpath=//button[@id='o_fiooolat_login_button']");
 	    waitForPageToLoad(browser, DEFAULT_WAIT_LIMIT);
 	    
 	    if(closeDialogs){
diff --git a/src/test/java/org/olat/util/FunctionalXssTest.java b/src/test/java/org/olat/util/FunctionalXssTest.java
index deb762a8f90c0f3dde226dd1de62ce7f62adabef..0e5520f2363c5dad9c671b456a102a0bf60f0242 100644
--- a/src/test/java/org/olat/util/FunctionalXssTest.java
+++ b/src/test/java/org/olat/util/FunctionalXssTest.java
@@ -32,6 +32,7 @@ import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.arquillian.test.api.ArquillianResource;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.olat.test.ArquillianDeployments;
@@ -47,6 +48,7 @@ import com.thoughtworks.selenium.DefaultSelenium;
  */
 @XssSuite
 @RunWith(Arquillian.class)
+@Ignore
 public class FunctionalXssTest {
 
 	@Deployment(testable = false)
diff --git a/src/test/java/org/olat/util/xss/client/XssClient.java b/src/test/java/org/olat/util/xss/client/XssClient.java
index 27a99e0cdc15f10a69978db57a7342b7d8d386cf..5eb5751587de8d2576c66999d33cc58e0cd82ba9 100644
--- a/src/test/java/org/olat/util/xss/client/XssClient.java
+++ b/src/test/java/org/olat/util/xss/client/XssClient.java
@@ -21,6 +21,7 @@
 package org.olat.util.xss.client;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.Socket;
 import java.util.ArrayList;
@@ -32,6 +33,10 @@ import java.net.InetSocketAddress;
 
 import org.apache.xmlrpc.webserver.XmlRpcServlet;
 
+import org.jdom.Document;
+import org.jdom.Element;
+import org.jdom.JDOMException;
+import org.jdom.input.SAXBuilder;
 import org.olat.util.xss.client.HttpUtil;
 import org.olat.util.xss.client.HttpUtil.HttpMethod;
 
@@ -64,9 +69,9 @@ public class XssClient extends XmlRpcServlet {
 	final static String DEFAULT_CLOSING_JSON_PATTERN = "',xssAlert: ${\"xssJSonInjectionCode\"};{";
 	final static String DEFAULT_COMMENT_OUT_PATTERN = "${\"xssInlineInjectionCode\"}<!--";
 	final static String DEFAULT_SCRIPTIFY_PATTERN = "${\"xssInlineInjectionCode\"}<javascript>";
-	final static String DEFAULT_FRAMEIFY_PATTERN = "${\"xssInlineInjectionCode\"}<frame src=\"javascript:void(){window.document.body}\" />";
-	final static String DEFAULT_IFRAMEIFY_PATTERN = "${\"xssInlineInjectionCode\"}<iframe src=\"javascript:void(){window.document.body}\" />";
-	final static String DEFAULT_TOPLEVEL_FRAME = "<iframe style=\"z-index: -1;\" src=\"javascript:void(){${\"xssSnippedInjectionCode\"}}\">";
+	final static String DEFAULT_FRAMIFY_PATTERN = "${\"xssInlineInjectionCode\"}<frame src=\"javascript:void(){window.document.body}\" />";
+	final static String DEFAULT_IFRAMIFY_PATTERN = "${\"xssInlineInjectionCode\"}<iframe src=\"javascript:void(){window.document.body}\" />";
+	final static String DEFAULT_TOPLEVEL_FRAME_PATTERN = "<iframe style=\"z-index: -1;\" src=\"javascript:void(){${\"xssSnippedInjectionCode\"}}\">";
 	final static String DEFAULT_B_MAIN_ONLY_PATTERN = "<div id=\"b_main\" class=\"javascript:void(){${\"xssSnippedInjectionCode\"}}\"/>";
 	
 	enum XssStrategy{
@@ -99,7 +104,6 @@ public class XssClient extends XmlRpcServlet {
 	private byte[] jsessionId;
 	
 	private Socket connection;
-	private OutputStream out;
 	
 	private int fieldLengthLimitation;
 	
@@ -110,6 +114,12 @@ public class XssClient extends XmlRpcServlet {
 	
 	private String escapingPattern;
 	private String closingTagsPattern;
+	private String commentOutPattern;
+	private String scriptifyPattern;
+	private String framifyPattern;
+	private String iframeifyPattern;
+	private String toplevelFramePattern;
+	private String bMainOnlyPattern;
 	
 	private List<Script> scripts;
 	
@@ -124,7 +134,6 @@ public class XssClient extends XmlRpcServlet {
 		this.scriptEncoding = DEFAULT_SCRIPT_ENCODING;
 		
 		this.connection = new Socket();
-		this.out = null;
 		
 		this.fieldLengthLimitation = DEFAULT_FIELD_LENGTH_LIMITATION;
 		
@@ -135,6 +144,12 @@ public class XssClient extends XmlRpcServlet {
 		
 		this.escapingPattern = DEFAULT_ESCAPING_PATTERN;
 		this.closingTagsPattern = DEFAULT_CLOSING_TAGS_PATTERN;
+		this.commentOutPattern = DEFAULT_COMMENT_OUT_PATTERN;
+		this.scriptifyPattern = DEFAULT_SCRIPTIFY_PATTERN;
+		this.framifyPattern = DEFAULT_FRAMIFY_PATTERN;
+		this.iframeifyPattern = DEFAULT_IFRAMIFY_PATTERN;
+		this.toplevelFramePattern = DEFAULT_TOPLEVEL_FRAME_PATTERN;
+		this.bMainOnlyPattern = DEFAULT_B_MAIN_ONLY_PATTERN;
 		
 		this.scripts = new ArrayList<Script>();
 		
@@ -159,7 +174,6 @@ public class XssClient extends XmlRpcServlet {
 	
 	public void connect(String host, int port) throws IOException {
 		connection.connect(new InetSocketAddress(host, port));
-		out = connection.getOutputStream();
 	}
 
 	public void setHttpHeader(byte[] buffer) {
@@ -305,6 +319,7 @@ public class XssClient extends XmlRpcServlet {
 			break;
 		}
 		
+		OutputStream out = connection.getOutputStream();
 		out.write(header);
 	}
 	
@@ -372,14 +387,6 @@ public class XssClient extends XmlRpcServlet {
 		this.connection = connection;
 	}
 
-	public OutputStream getOut() {
-		return out;
-	}
-
-	public void setOut(OutputStream out) {
-		this.out = out;
-	}
-
 	public int getFieldLengthLimitation() {
 		return fieldLengthLimitation;
 	}
@@ -436,6 +443,54 @@ public class XssClient extends XmlRpcServlet {
 		this.closingTagsPattern = closingTagsPattern;
 	}
 
+	public String getCommentOutPattern() {
+		return commentOutPattern;
+	}
+
+	public void setCommentOutPattern(String commentOutPattern) {
+		this.commentOutPattern = commentOutPattern;
+	}
+
+	public String getScriptifyPattern() {
+		return scriptifyPattern;
+	}
+
+	public void setScriptifyPattern(String scriptifyPattern) {
+		this.scriptifyPattern = scriptifyPattern;
+	}
+
+	public String getFramifyPattern() {
+		return framifyPattern;
+	}
+
+	public void setFramifyPattern(String framifyPattern) {
+		this.framifyPattern = framifyPattern;
+	}
+
+	public String getIframeifyPattern() {
+		return iframeifyPattern;
+	}
+
+	public void setIframeifyPattern(String iframeifyPattern) {
+		this.iframeifyPattern = iframeifyPattern;
+	}
+
+	public String getToplevelFramePattern() {
+		return toplevelFramePattern;
+	}
+
+	public void setToplevelFramePattern(String toplevelFramePattern) {
+		this.toplevelFramePattern = toplevelFramePattern;
+	}
+
+	public String getbMainOnlyPattern() {
+		return bMainOnlyPattern;
+	}
+
+	public void setbMainOnlyPattern(String bMainOnlyPattern) {
+		this.bMainOnlyPattern = bMainOnlyPattern;
+	}
+
 	public List<Script> getScripts() {
 		return scripts;
 	}
@@ -445,13 +500,67 @@ public class XssClient extends XmlRpcServlet {
 	}
 	
 	public abstract class Script{
+		private HashMap<String,List<String>> tags;
 		private List<String> variants;
 		
 		public Script(){
+			tags = new HashMap<String,List<String>>();
+			
+			try {
+				loadTags();
+			} catch (JDOMException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			} catch (IOException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
+			
 			variants = new ArrayList<String>();
 		}
 		
 		public abstract void load();
+		
+		public List<String> readAttributes(List<?> attributesNode){
+			List<String> attributes = new ArrayList<String>();
+			
+			for(Object current: attributesNode){
+				if(current instanceof Element){
+					Element currentAttribute = (Element) current;
+					
+					attributes.add(currentAttribute.getAttributeValue("name"));
+				}
+			}
+			
+			return(attributes);
+		}
+		
+		public void loadTags() throws JDOMException, IOException{
+			SAXBuilder sax = new SAXBuilder();
+			Document tagDocument = sax.build(XssClient.class.getResourceAsStream("xssClient_tags.xml"));
+			
+			Element rootNode = tagDocument.getRootElement();
+			
+			List<?> tagsNode = rootNode.getChildren();
+			
+			for(Object current: tagsNode){
+				if(current instanceof Element){
+					Element currentNode = (Element) current;
+					
+					tags.put(currentNode.getAttributeValue("name"),
+							readAttributes(currentNode.getChildren()));
+				}
+			}
+		}
+
+
+		public HashMap<String, List<String>> getTags() {
+			return tags;
+		}
+
+		public void setTags(HashMap<String, List<String>> tags) {
+			this.tags = tags;
+		}
 
 		public List<String> getVariants() {
 			return variants;
diff --git a/src/test/java/org/olat/util/xss/client/_ressources/xssClient_scriptSnippet.vm b/src/test/java/org/olat/util/xss/client/_ressources/xssClient_scriptSnippet.vm
index 61499e194a8a3f49e36116e677b814f66fd485ef..0e4f68c120c05033279638117e4cf5fb8e004e8f 100644
--- a/src/test/java/org/olat/util/xss/client/_ressources/xssClient_scriptSnippet.vm
+++ b/src/test/java/org/olat/util/xss/client/_ressources/xssClient_scriptSnippet.vm
@@ -1 +1 @@
-<javascript>${"script"}</javascript>
+${"script"}
diff --git a/src/test/java/org/olat/util/xss/client/_ressources/xssClient_tags.xml b/src/test/java/org/olat/util/xss/client/_ressources/xssClient_tags.xml
index 3cb1be14ebb2eee2891e7b8c89b3644a6bf2d7e6..5c7b91dfcd70a51b99ea519f87af4bcc057c5a09 100644
--- a/src/test/java/org/olat/util/xss/client/_ressources/xssClient_tags.xml
+++ b/src/test/java/org/olat/util/xss/client/_ressources/xssClient_tags.xml
@@ -1,38 +1,51 @@
 <?xml version="1.0" encoding="utf-8"?>
 <list>
 	<!-- document structure tags -->
-	<tab name="html"/>
+	<tag name="html"/>
 	<tag name="head"/>
 	<tag name="meta"/>
-	<tag name ="body"/>
+	<tag name="body"/>
 	
 	<!-- formating tags -->
-	<tag name ="h1"/>
-	<tag name ="h2"/>
-	<tag name ="h3"/>
-	<tag name ="h4"/>
-	<tag name ="h5"/>
-	<tag name ="h6"/>
-	<tag name ="p"/>
-	<tag name ="table"/>
-	<tag name ="thead"/>
-	<tag name ="tr"/>
-	<tag name ="th"/>
-	<tag name ="tbody"/>
-	<tag name ="td"/>
-	<tag name ="div"/>
+	<tag name="h1"/>
+	<tag name="h2"/>
+	<tag name="h3"/>
+	<tag name="h4"/>
+	<tag name="h5"/>
+	<tag name="h6"/>
+	<tag name="p"/>
+	<tag name="table">
+		<attribute name="cellpadding"/>
+		<attribute name="cellspacing"/>
+	</tag>
+	<tag name="thead"/>
+	<tag name="tr"/>
+	<tag name="th"/>
+	<tag name="tbody"/>
+	<tag name="td">
+		<attribute name="align"/>
+		<attribute name="valing"/>
+		<attribute name="colspan"/>
+		<attribute name="rowspan"/>
+	</tag>
+	<tag name="div"/>
+	<tag name="a">
+		<attribute name="href"/>
+	</tag>
 	
 	<!-- embedding external -->
-	<tag name ="img"/>
-	<tag name ="script"/>
-	<tag name ="object"/>
-	<tag name ="embed"/>
-	<tag name ="audio"/>
-	<tag name ="video"/>
+	<tag name="img">
+		<attribute name="src"/>
+	</tag>
+	<tag name="script"/>
+	<tag name="object"/>
+	<tag name="embed"/>
+	<tag name="audio"/>
+	<tag name="video"/>
 	
 	<!-- styling -->
-	<tag name ="i"/>
-	<tag name ="b"/>
-	<tag name ="u"/>
-	<tag name ="span"/>
+	<tag name="i"/>
+	<tag name="b"/>
+	<tag name="u"/>
+	<tag name="span"/>
 </list>