The spammer blog posted about bypassing XSS Auditor, a tool built-in Chrome and IE and enabled by default to prevent XSS attacks or just doing some weird things to your page. XSS Auditor could be easily bypassed using an anchor or iframe and overall its detection schema seems to be very limited :
It is also a very limited XSS filter not supporting detection of script based attacks (very common). Another thing I noticed is it doesn’t actually detect attacks either it simply flags a valid attack based on a character
XSS Auditor might have a strange behavior to remove certain scripts from your page, so you might use Egor script to get a notification once a XSS Auditor removed any injected code.