diff --git a/test/ParsedownTest.php b/test/ParsedownTest.php
index 323dace..5fbf7f1 100644
--- a/test/ParsedownTest.php
+++ b/test/ParsedownTest.php
@@ -46,6 +46,8 @@ class ParsedownTest extends PHPUnit_Framework_TestCase
         $expectedMarkup = str_replace("\r\n", "\n", $expectedMarkup);
         $expectedMarkup = str_replace("\r", "\n", $expectedMarkup);
 
+        $this->Parsedown->setMarkupEscaped($test === 'xss_text_encoding');
+
         $actualMarkup = $this->Parsedown->text($markdown);
 
         $this->assertEquals($expectedMarkup, $actualMarkup);
diff --git a/test/data/xss_attribute_encoding.html b/test/data/xss_attribute_encoding.html
new file mode 100644
index 0000000..287ff51
--- /dev/null
+++ b/test/data/xss_attribute_encoding.html
@@ -0,0 +1,6 @@
+<p><a href="https://www.example.com&quot;">xss</a></p>
+<p><img src="https://www.example.com&quot;" alt="xss" /></p>
+<p><a href="https://www.example.com&#039;">xss</a></p>
+<p><img src="https://www.example.com&#039;" alt="xss" /></p>
+<p><img src="https://www.example.com" alt="xss&quot;" /></p>
+<p><img src="https://www.example.com" alt="xss&#039;" /></p>
\ No newline at end of file
diff --git a/test/data/xss_attribute_encoding.md b/test/data/xss_attribute_encoding.md
new file mode 100644
index 0000000..3d8e0c8
--- /dev/null
+++ b/test/data/xss_attribute_encoding.md
@@ -0,0 +1,11 @@
+[xss](https://www.example.com")
+
+![xss](https://www.example.com")
+
+[xss](https://www.example.com')
+
+![xss](https://www.example.com')
+
+![xss"](https://www.example.com)
+
+![xss'](https://www.example.com)
\ No newline at end of file
diff --git a/test/data/xss_bad_url.html b/test/data/xss_bad_url.html
new file mode 100644
index 0000000..93dd0d8
--- /dev/null
+++ b/test/data/xss_bad_url.html
@@ -0,0 +1,16 @@
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><a>xss</a></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
+<p><img alt="xss" /></p>
\ No newline at end of file
diff --git a/test/data/xss_bad_url.md b/test/data/xss_bad_url.md
new file mode 100644
index 0000000..a730952
--- /dev/null
+++ b/test/data/xss_bad_url.md
@@ -0,0 +1,31 @@
+[xss](javascript:alert(1))
+
+[xss]( javascript:alert(1))
+
+[xss](javascript://alert(1))
+
+[xss](javascript&colon;alert(1))
+
+![xss](javascript:alert(1))
+
+![xss]( javascript:alert(1))
+
+![xss](javascript://alert(1))
+
+![xss](javascript&colon;alert(1))
+
+[xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+[xss]( data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+[xss](data://text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+[xss](data&colon;text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss]( data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss](data://text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
+
+![xss](data&colon;text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
\ No newline at end of file
diff --git a/test/data/xss_text_encoding.html b/test/data/xss_text_encoding.html
new file mode 100644
index 0000000..e6b3fc5
--- /dev/null
+++ b/test/data/xss_text_encoding.html
@@ -0,0 +1,7 @@
+<p>&lt;script&gt;alert(1)&lt;/script&gt;</p>
+<p>&lt;script&gt;</p>
+<p>alert(1)</p>
+<p>&lt;/script&gt;</p>
+<p>&lt;script&gt;
+alert(1)
+&lt;/script&gt;</p>
\ No newline at end of file
diff --git a/test/data/xss_text_encoding.md b/test/data/xss_text_encoding.md
new file mode 100644
index 0000000..b1051a2
--- /dev/null
+++ b/test/data/xss_text_encoding.md
@@ -0,0 +1,12 @@
+<script>alert(1)</script>
+
+<script>
+
+alert(1)
+
+</script>
+
+
+<script>
+alert(1)
+</script>
\ No newline at end of file