REGEXSS - Interactive Demo

Read the REGEXSS blog post

Challenge

Your goal: craft an HTML snippet that passes sanitization and becomes an active XSS payload after the provided greedy regex removal or replacement is applied. Try different quote styles and attribute ordering; read the blog post if you are unsure. The regexes seen here are all based on actual vulnerabilities found in the wild.

Active regex:


Replacement:

Hint: If you're using an onfocus XSS payload, the element may not automatically grab focus. Try something else...

4. Rendered output