The JavaScript is executed using Internet Explorer 6 with all of its patches installed. The exact query string to do an XSS attack is this:

>'"><script>alert(document.cookie)</script>

However, I think the problem is not browser related: if you use <s:url and <a: as I wrote before, it echoes a non-encoded URI, and in this way you can place malicious JavaScript inside the page (watch the resulting HTML).

On Jan 12, 2008 6:05 PM, Dave Newton <[EMAIL PROTECTED]> wrote:
> What browser are you using, and what's the exact query string being used?
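
Added example, not part of the original message and not Struts source code: it shows why echoing the query string unencoded into an href lets the quoted string close the attribute, and how escaping for the attribute context keeps the tag intact. The class, the helper names and the path /example/list.action are hypothetical; only the query string comes from the message above.

```java
// Added illustration, not Struts source: anchorRaw/anchorEscaped are hypothetical
// stand-ins for a tag that copies the request's query string into an href.
public class HrefEscapingDemo {

    // Escape the characters that can end a quoted attribute value or open a tag.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Behaviour described in the post: the query string is echoed as-is.
    static String anchorRaw(String path, String query) {
        return "<a href=\"" + path + "?" + query + "\">next</a>";
    }

    // Same markup with the value escaped for the attribute context.
    static String anchorEscaped(String path, String query) {
        return "<a href=\"" + escapeHtmlAttr(path + "?" + query) + "\">next</a>";
    }

    // True when the first double quote after href=" is the one the template wrote,
    // i.e. the request data did not terminate the attribute early.
    static boolean attributeIntact(String html) {
        String open = "<a href=\"";
        int end = html.indexOf('"', open.length());
        return html.startsWith(open) && html.substring(end).equals("\">next</a>");
    }

    public static void main(String[] args) {
        // Query string quoted in the post; the path is a constructed placeholder.
        String query = ">'\"><script>alert(document.cookie)</script>";
        String path = "/example/list.action";
        String raw = anchorRaw(path, query);
        String escaped = anchorEscaped(path, query);
        System.out.println(raw + "\n  attribute intact: " + attributeIntact(raw));
        System.out.println(escaped + "\n  attribute intact: " + attributeIntact(escaped));
    }
}
```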