on Tue, Feb 05, 2002 at 11:42:37AM +0100, Knud Erik Højgaard wrote: > To add to the late plethora of CSS bugs, ign.com has some too. Would this be the right place to beg that the industry adopt the saner acronym "XSS" for "Cross site scripting", to distinguish between it and CSS, which to a large number of netizens means "Cascading Style Sheets"? Every time I see one of these reports, I think "how can there be a bug in CSS? It's a W3C Recommendation, not a piece of software..." Of course, the article I wrote on the subject back in April of 2000 for Webmonkey /still/ allows you to do things like this: http://hotwired.lycos.com/webmonkey/00/18/index3a.html http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=barney http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=has%20no http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=<script>alert("!");</script> Sigh. Steve -- hesketh.com/inc. v: (919) 834-2552 f: (919) 834-2554 w: http://hesketh.com
