Is the only way to work out how the filter works through trial and error?
A little more help would be appreciated.
I haev gone through all of the examples on the OWASP page to no avail as of yet.
I wouldn't expect it to work perfectly from their examples however.
A little nudge in the right direction would be beneficial.