On Fri, Feb 27, 2009 at 11:06 AM, Hans <[email protected]> wrote: > > 2009/2/27 The Editor <[email protected]>: >> Hmmm. I suppose someone could enter multiple lines like this in a >> comment box, just for fun... >> >> [(style "--> </style><script>")] >> [(style "....")] >> [(style "</script><style><--")] > > You can inject any javascript with that markup, for doing all kinds of > damage if there is malicious intention. Or?
Exactly what I was trying to illustrate! I wasn't really thinking this was a clever way of getting an alert "hello world" into a page! :) Cheers, Dan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
