On Tue, Oct 29, 2002 at 08:06:18PM -0000, Dave Hooper wrote: > > the following executes custom html. > > > > http://127.0.0.1:8888/%3Cscript%3Edocument.write('test');%3C/script%3E > > True - for example : > http://127.0.0.1:8888/%3Cscript%3Edocument.write('test1%3cH1%3etest2%3c/H1%3 > e');%3C/script%3E > The code that displays the "Unexpected key" page should really HTMLise the > string in case it contains < > " ' � etc symbols, otherwise such symbols > will make their way directly into the HTML of the page! Please try this in 527/0.5.0.2 (or current devel CVS) - it should be fixed in both branches now.
-- Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED] Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/11/02. http://freenetproject.org/
msg01748/pgp00000.pgp
Description: PGP signature
