Cross-Site Scripting Worm Floods MySpace

This is why strips Javascript from posts. The potential for devilment is limitless without filtering!



3 Replies to “Cross-Site Scripting Worm Floods MySpace”

  1. The potential for devilment is pretty high even with filtering, it seems: MySpace are also pretty vigorous in removing Javascript from any text entered by the user. It’s worth reading the description of how the specific exploit was done over here: and asking yourself if something like that could get past your own (or Worpress’) filters.

Leave a Reply