We actually block those characters in our own whois, so you can't do that with us...
Looks like some *other* registrars aren't as forward thinking. I wonder how long this will last :) Charles Daminato OpenSRS Product Manager Tucows Inc. - [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Csongor Fagyal > Sent: November 12, 2002 10:55 AM > To: [EMAIL PROTECTED] > Subject: Whoooooaaaaa, that's a whois! > > > Hey guys, this one is pretty! > > Whois "zoh.com"! A part of the result is: > > Registrant Contact- > <script>window.open('http://taky.com/?d=zohcom');</script> > Motohisa Ohno ([EMAIL PROTECTED]) > +1.81333183750 > FAX- none > 2-4-7-1001 HOUNAN > SUGINAMI-KU, TOKYO 168-062 > JP > > > Use a CGI or something similar, output this data into an HTML page, and > you get a popup window! Very clever... talk about cross-site scripting, > that is. > > Okay, that's gonna be a s/[<>]/ /g; > > - Cs. >
