I just had some time to test the patch provided and I don't want to rain on your parade, but I am sorry to say that the provided patch is as amateurish as the original attack.
Try putting
HTML Code:
<IMG SRC="javascript:alert('XSS');">
in the comment and view it in Internet Exploder.
NOTE: this is just one of the several possible exploits.
Also, to whosoever implements the newer patch: adding IMG to your solution will not work, as there are several other tags which can be exploited.... I have given better solutions on the forums in other threads. Implementing XSS input filters is in principle the same as implementing firewalls - you first shut each and every port and then start opening only the ports you require - you CANNOT do it the other way round, that is, shut only those ports which you consider *might* be harmful.
To the devs who have written to me that I should not make information public, I would like to point out that solutions to the problem were pointed out but not implemented - users of Pixelpost now have a right to know.
Hope that helps...
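The firewall analogy in the post above, as an added example (not code from the post or from Pixelpost): a default-allow filter that strips only `<script>` next to a default-deny sanitizer that keeps only listed tags, attributes and URL schemes. The tag list, the scheme list and all function names are assumptions chosen for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for a comment field: tag -> attributes it may carry.
ALLOWED_TAGS = {"b": set(), "i": set(), "em": set(), "strong": set(), "a": {"href"}}
ALLOWED_SCHEMES = {"http", "https"}

def denylist_filter(comment):
    """Default-allow: strips only what someone thought of (here, <script>)."""
    return re.sub(r"(?is)<script\b.*?</script\s*>", "", comment)

def safe_url(value):
    """Accept only absolute URLs whose scheme is explicitly allowed."""
    try:
        return urlsplit(value.strip()).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:
        return False

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # default deny: any tag not listed is dropped
        kept = "".join(  # href is the only listed attribute, so each is URL-checked
            f' {name}="{escape(value, quote=True)}"'
            for name, value in attrs
            if name in ALLOWED_TAGS[tag] and value and safe_url(value))
        self.out.append(f"<{tag}{kept}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.open_tags and self.open_tags[-1] == tag:
            self.out.append(f"</{self.open_tags.pop()}>")

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always re-escaped

def sanitize(comment):
    parser = AllowlistSanitizer()
    parser.feed(comment)
    parser.close()
    closing = "".join(f"</{t}>" for t in reversed(parser.open_tags))
    return "".join(parser.out) + closing

PAGE_PAYLOAD = """<IMG SRC="javascript:alert('XSS');">"""  # the tag quoted in the post
```

Calling `denylist_filter(PAGE_PAYLOAD)` returns the tag untouched, while `sanitize(PAGE_PAYLOAD)` returns an empty string because `img` was never opened in the policy.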