Categories
Web WordPress

Cross-Site Scripting Worm Floods MySpace

This is why WordPress.com strips Javascript from posts. The potential for devilment is limitless without filtering!

Comments

comments

By Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

3 replies on “Cross-Site Scripting Worm Floods MySpace”

The potential for devilment is pretty high even with filtering, it seems: MySpace are also pretty vigorous in removing Javascript from any text entered by the user. It’s worth reading the description of how the specific exploit was done over here: http://namb.la/popular/tech.html and asking yourself if something like that could get past your own (or Worpress’) filters.

Leave a Reply to omfg click here Cancel reply