Background: I'm in middle school, and two popular games that people liked got blocked. My friend and I made a website with the blocked games on a free 000webhost subdomain. It was a crappy, twenty minute website that I made with just a view counter, the games, and a chat room for people looking for other people to play with.

Story: one day I opened up the chat room where another friend and I were gonna talk about our teacher behind her back. I opened the chat room, and in the previous chat text, there was a line that said "Username: " and a text box. Then, about five lines, each with two text boxes separated by a ":". I knew that it could've been my friend that "made" the site with me (he designed the logo and occasionally modified the HTML), but I suspected not. He wasn't smart enough. Now when I was building the chat room, I internationally didn't put in XSS protection, just to see if someone would catch onto it, and, to my surprise, someone obviously did. Now there's someone in my school, who could be just like me, but I don't know where. Man, I really wanna find him (or her)! Of course, it could be my teachers, who are messing with it and could be trying to get it blocked -_-