2009/2/27 The Editor <[email protected]>:
>
> On Fri, Feb 27, 2009 at 11:06 AM, Hans <[email protected]> wrote:
>>
>> 2009/2/27 The Editor <[email protected]>:
>>> Hmmm. I suppose someone could enter multiple lines like this in a
>>> comment box, just for fun...
>>>
>>> [(style "--> </style><script>")]
>>> [(style "....")]
>>> [(style "</script><style><--")]
>>
>> You can inject any javascript with that markup, for doing all kinds of
>> damage if there is malicious intention. Or?
>
> Exactly what I was trying to illustrate! I wasn't really thinking
> this was a clever way of getting an alert "hello world" into a page!
> :)

Luckily, < is changed to &lt;

HTML output:
     &lt;/style>&lt;script>alert('hello world')&lt;/script>&lt;style>

~Hans
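
Added example, not part of the original message and not BoltWire code: a small model of how an HTML parser finds the end of a style element, showing why the unescaped markup from the thread breaks out of it and the &lt;-escaped output does not. The renderStyle wrapper, the escapeLt helper and the assumption that the style text is emitted inside a <style> element are hypothetical.

```javascript
// Added example. Sample input is constructed from the markup quoted in the thread.
const SAMPLE = "--> </style><script>alert('hello world')</script><style><--";

// Assumed escaping step: every "<" becomes "&lt;", as in the HTML output shown above.
function escapeLt(text) {
  return text.replace(/</g, "&lt;");
}

// Hypothetical renderer: places the user's style text inside a <style> element.
function renderStyle(userText, escape) {
  return "<style>" + (escape ? escapeLt(userText) : userText) + "</style>";
}

// Model of the HTML raw-text rule: a <style> element ends at the first
// "</style" followed by whitespace, "/" or ">". Entities are not decoded
// inside it, so "&lt;/style>" is plain CSS text and never an end tag.
function splitStyle(html) {
  const open = "<style>";
  const start = html.indexOf(open);
  if (start === -1) return { css: "", rest: html };
  const from = start + open.length;
  const m = /<\/style[\s\/>]/i.exec(html.slice(from));
  if (!m) return { css: html.slice(from), rest: "" };
  const closeStart = from + m.index;
  const gt = html.indexOf(">", closeStart);
  return {
    css: html.slice(from, closeStart),
    rest: gt === -1 ? "" : html.slice(gt + 1),
  };
}

// True when markup after the style element contains a <script> start tag.
function scriptEscapesStyle(html) {
  return /<script[\s\/>]/i.test(splitStyle(html).rest);
}

console.log("unescaped:", scriptEscapesStyle(renderStyle(SAMPLE, false)));
console.log("escaped:  ", scriptEscapesStyle(renderStyle(SAMPLE, true)));
```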
