Cross-Site Scripting Worm Floods MySpace

This is why WordPress.com strips Javascript from posts. The potential for devilment is limitless without filtering!

Comments

comments

3 Replies to “Cross-Site Scripting Worm Floods MySpace”

  1. The potential for devilment is pretty high even with filtering, it seems: MySpace are also pretty vigorous in removing Javascript from any text entered by the user. It’s worth reading the description of how the specific exploit was done over here: http://namb.la/popular/tech.html and asking yourself if something like that could get past your own (or Worpress’) filters.

Leave a Reply