diff --git a/spec/vulnerabilities/xss_spec.rb b/spec/vulnerabilities/xss_spec.rb
index f96148d..6ce2d30 100644
--- a/spec/vulnerabilities/xss_spec.rb
+++ b/spec/vulnerabilities/xss_spec.rb
@@ -11,17 +11,18 @@ feature 'xss' do
 
     visit "/users/#{@normal_user.user_id}/account_settings"
     within('#account_edit') do
-      fill_in 'First name', :with => "B<script>$(function() { $('form.button_to input.btn.btn-primary').val('RailsGoat h4x0r3d') } )</script>"
+      fill_in 'First name', :with => "<script>$(function() { $('div input.btn').val('RailsGoat h4x0r3d') } )</script>"
 
       # password gets screwed up if you don't re-submit - need to fix
       fill_in 'user_password', :with => @normal_user.clear_password
       fill_in 'user_password_confirmation', :with => @normal_user.clear_password
     end
     click_on 'Submit'
-
+    
+    sleep(1)
     visit '/'
 
-    pending(:if => verifying_fixed?) { find('form.button_to input.btn.btn-primary').value.should == 'RailsGoat h4x0r3d' }
+    pending(:if => verifying_fixed?) { find('div input.btn').value.should == 'RailsGoat h4x0r3d' }
 
     # might be nice to demonstrate posting cookie contents or somesuch, but
     # this at least shows the vulnerability still exists.