On Friday, January 23, 2004, at 11:53 AM, [EMAIL PROTECTED] wrote:
This email is to be read subject to the disclaimer below.
His photo gallery has a nice cross-site scripting vulnerability (I emailed
him privately about it). But here's the test URL I made, just for a
laugh...
And do you think it was responsible to make such information public? I would have only done so AFTER giving him enough time to plug-up the security hole.
I'm sure you wouldn't appreciate your security vulnerabilities (yes, everyone has them, no matter how obscure) being published in a public forum, so why do the same to him?
Justin French
*****************************************************
The discussion list for http://webstandardsgroup.org/
*****************************************************
