>>> You can inject any javascript with that markup, for doing all kinds of
>>> damage if there is malicious intention. Or?
>>
>> Exactly what I was trying to illustrate! I wasn't really thinking
>> this was a clever way of getting an alert "hello world" into a page!
>> :)
>
> luckily < are changed to <
>
> HTML output:
> </style><script>alert('hello world')</script><style>
Oh, that's right. :) Well we have Pm to thank for that wise idea.
Everywhere but code* pages of course.
Cheers,
Dan
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/boltwire?hl=en
-~----------~----~----~----~------~----~------~--~---
