Cross-Site Scripting Worm Floods MySpace

This is why strips JavaScript from posts. The potential for devilment is limitless without filtering!

Author: Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

3 thoughts on “Cross-Site Scripting Worm Floods MySpace”

  1. The potential for devilment is pretty high even with filtering, it seems: MySpace are also pretty vigorous in removing JavaScript from any text entered by the user. It’s worth reading the description of how the specific exploit was done over here: and asking yourself if something like that could get past your own (or WordPress’) filters.
