I just sent this to bugtraq:

On Fri, Oct 12, 2001 at 12:59:13PM -0600, Dave Ahmad wrote:
> On Thu, 11 Oct 2001, bugtraq wrote:
> > http://www.perl.com/search/index.ncsp?sp-q=%3C%69%6D%67%20%73%72%63%3D%68%74%74%70%3A%2F%2F%31%39%39%2E%31%32%35%2E%38%35%2E%34%36%2F%74%69%6D%65%2E%6A%70%67%3E

> Does anyone know which search engine software this is?

I don't know which engine perl.com uses, but if you have the template
parameter WORDS in your templates, htdig 3.1.5 puts the unquoted img-tag
into the result page.

Funnily enough, the htdig 3.1.5 on htdig.org encodes the offending string
in
<input type="text" size="30" name="words" value="&lt;img 
src=http://199.125.85.46/time.jpg&gt;";>

while the distributed htdig 3.1.5 (here the debian-version 3.1.5-2) doesn't:

<input type="text" size="30" name="words" value="<img 
src=http://199.125.85.46/time.jpg>">

(And there is neither a security section on htdig.org nor an email address
for bug reports... so I am crossposting this to htdig-general)

Yours, Florian Hars.

_______________________________________________
htdig-dev mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/htdig-dev
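
The two outputs compared in the message above, reproduced as an added example that is not part of the original post and is not ht://Dig source code. The `render()` helper and the `$(WORDS)` placeholder syntax are assumptions made for illustration; the query value is the one quoted in the message.

```cpp
// Added illustration, not ht://Dig source. render() and the $(WORDS)
// placeholder syntax are assumptions made for this example.
#include <cctype>
#include <iostream>
#include <string>

// Query value taken from the URL quoted in the message above.
const std::string kQuery =
    "%3C%69%6D%67%20%73%72%63%3D%68%74%74%70%3A%2F%2F%31%39%39%2E"
    "%31%32%35%2E%38%35%2E%34%36%2F%74%69%6D%65%2E%6A%70%67%3E";

// Decode %XX and '+' the way a CGI layer does before templating.
std::string url_decode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size() &&
            std::isxdigit((unsigned char)in[i + 1]) &&
            std::isxdigit((unsigned char)in[i + 2])) {
            out += static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16));
            i += 2;
        } else {
            out += (in[i] == '+') ? ' ' : in[i];
        }
    }
    return out;
}
// Encode the characters that are significant in HTML text and attributes.
std::string html_escape(const std::string& in) {
    std::string out;
    for (char c : in) {
        if (c == '&') out += "&amp;";
        else if (c == '<') out += "&lt;";
        else if (c == '>') out += "&gt;";
        else if (c == '"') out += "&quot;";
        else if (c == '\'') out += "&#39;";
        else out += c;
    }
    return out;
}
// Substitute $(WORDS) in a template, raw (the reported behaviour) or escaped.
std::string render(std::string tmpl, const std::string& words, bool escape) {
    const std::string key = "$(WORDS)", val = escape ? html_escape(words) : words;
    for (auto p = tmpl.find(key); p != std::string::npos; p = tmpl.find(key, p + val.size()))
        tmpl.replace(p, key.size(), val);
    return tmpl;
}
int main() {
    const std::string t = "<input type=\"text\" size=\"30\" name=\"words\" value=\"$(WORDS)\">";
    std::cout << render(t, url_decode(kQuery), false) << "\n"   // markup reaches the page
              << render(t, url_decode(kQuery), true) << "\n";   // markup is inert text
}
```
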
