Hello, Agree with Michal. It is very interesting to get to know know new complex xss vulnerabilities.
IMAHO, the issue here is claiming to have found a vulnerability without providing a PoC of how to use it to violate a security policy of the targeted service, probably because there are none, and therefore it's not a vulnerability but a feature. Regards, Guifre. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/