Hi,

There is an XSS error in syntax.html of htdig.

you can reproduce this like this:
http://foo.bar/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=<script>alert("foo")</script>&words=foo

$(SYNTAXERROR) must be quoted by htdig before filling it in.

greetings
Michael
-- 
Michael Skibbe <[EMAIL PROTECTED]>
Core Services
SUSE Linux Products GmbH                      GF: Markus Rex
Nuernberg, Germany                            HRB 16746 (AG Nuernberg)
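The fix the report asks for, as an added illustration that is not htdig's own template code: every value substituted into a `$(NAME)` placeholder such as `$(SYNTAXERROR)` is HTML-escaped first, so a reflected `sort` value cannot become markup. The `Unknown sort method` message text and the `html_escape`/`fill_template` names are assumptions for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <string>

// HTML-escape a string so it can be placed inside element content or a
// quoted attribute without being interpreted as markup.
std::string html_escape(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Expand $(NAME) placeholders in an htdig-style template, escaping every
// substituted value. Names with no value expand to an empty string.
std::string fill_template(const std::string& tmpl,
                          const std::map<std::string, std::string>& vars) {
    std::string out;
    std::size_t pos = 0;
    while (pos < tmpl.size()) {
        std::size_t start = tmpl.find("$(", pos);
        if (start == std::string::npos) { out += tmpl.substr(pos); break; }
        std::size_t end = tmpl.find(')', start + 2);
        if (end == std::string::npos) { out += tmpl.substr(pos); break; }
        out += tmpl.substr(pos, start - pos);
        auto it = vars.find(tmpl.substr(start + 2, end - start - 2));
        if (it != vars.end()) out += html_escape(it->second);
        pos = end + 1;
    }
    return out;
}

// Constructed example: the sort value from the report is reflected in the
// syntax-error message, but reaches the page escaped.
std::string demo() {
    std::string syntax_error =
        "Unknown sort method: <script>alert(\"foo\")</script>";
    return fill_template("<p>Error: $(SYNTAXERROR)</p>",
                         {{"SYNTAXERROR", syntax_error}});
}

int main() { std::cout << demo() << '\n'; }
```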

_______________________________________________
ht://Dig Developer mailing list:
htdig-dev@lists.sourceforge.net
List information (subscribe/unsubscribe, etc.)
https://lists.sourceforge.net/lists/listinfo/htdig-dev
