Challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic unless clearly specified in the challenge information below.
I couldn't use the traditional methods of stopping XSS because of the way my application works. Because of this i've had to create a "strict" filter to stop malicious attackers and help protect my users. I'm 100% sure you can't beat this filter! Try find the vulnerable parameter(s) and then see if you can beat it/them. :)