Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities
Rafel Ivgi has published an extensive list of IE8 XSS filter evasions.
"Aspect9 has discovered several vulnerabilities in Microsoft Windows Internet Explorer 8.0 Beta 2. This new version of Microsoft's famous browser includes new security improvements such as a Cross Site Scripting (XSS) filter. This version also includes a new object that safely allows transferring data across domains, allowing them to interact with each other.
The Anti-XSS filter has been found to have some security holes in the current implementation. Microsoft decided to filter "Type 1 XSS" which is free text sent to the server being reflected to the user and therefore injecting HTML code into the website's page. They chose not to handle certain situations such as injection into a JavaScript tag space, which would be extremely difficult to filter. The software giant also chose not to filter injection into HTTP headers, which will drive hackers to focus on discovering CRLF vulnerabilities."
Additional Details: http://www.webappsec.org/lists/websecurity/archive/2008-12/msg00057.html
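The advisory says the filter leaves injection into a JavaScript context and into HTTP headers unhandled, so the application has to cover both itself. The following is an added example, not code from Aspect9 or Microsoft; the function names and sample inputs are constructed for illustration.

```javascript
// Server-side handling for the two contexts the advisory says the browser
// filter does not cover. All names here are hypothetical.

// Escape untrusted text for a quoted JavaScript string literal inside an
// inline <script> block. Every character outside a small allow-list becomes
// \uXXXX, so quotes, backslashes, "<", "/" and line terminators cannot end
// the string or the enclosing script element.
function escapeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Before: the reflected value is concatenated into the script as-is.
function renderGreetingUnsafe(name) {
  return '<script>var user = "' + name + '";</script>';
}

// After: the same template with the value escaped for its context.
function renderGreeting(name) {
  return '<script>var user = "' + escapeForJsString(name) + '";</script>';
}

// Reject header values containing CR, LF or NUL rather than trying to
// repair them; a line break here would begin a new header or the body.
function safeHeaderValue(value) {
  const text = String(value);
  if (/[\r\n\0]/.test(text)) {
    throw new Error("control character in header value");
  }
  return text;
}

// Constructed sample inputs, not taken from the advisory.
const sampleName = 'a";b//</script>';
const sampleHeader = "en-US\r\nX-Test: 1";

console.log(renderGreetingUnsafe(sampleName)); // value escapes the string
console.log(renderGreeting(sampleName));       // value stays inside the string
try {
  safeHeaderValue(sampleHeader);
} catch (err) {
  console.log("rejected header value:", err.message);
}
```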