the <embed xss> triggers an alert, as it should be (active javascript), but the <script> code in the page content does not, also correct behaviour.
The only issue might be the special HTML character test, as only the < gets encoded. But I am not sure if it could be done any different. ~Hans --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
