PAYLOAD</plaintext> Visible but <strong>escaped</strong> PAYLOAD<plaintext style="display:none;"></plaintext> We close the tag so XHTML validation still succeeds :) but recent browsers will ignore the closing tag. If in doubt, remove the closing tag. PAYLOAD<plaintext style="display:none;"> Original page contents after the first XSS injection.