Talk:DOM Based XSS

I’d really like to find examples of code and malicious input illustrating scenario where ESAPI encodeForHTML wouldn't be sufficient and encodeForHTMLAttribute would remediate vulnerability.