This document describes a test to generate a "Generic Cross Site Scripting" event in the threat log.
The global counters can also be viewed to confirm that the firewall has sent TCP reset packets:
> show counter global | match RST
flow_action_close 4 0 drop flow pktproc TCP sessions closed via injecting RST
For additional examples: XSS Filter Evasion Cheat Sheet - OWASP
Threat Prevention Deployment Tech Note