Is someone up to Cross Site Scripting? ;)
--Shreyas
On Mon, Apr 18, 2011 at 10:39 PM, Joshua Kehn <josh.kehn@xxxxxxxxx> wrote:
> On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
> Hi gang:
> >
> > Quite some time ago I had a demo that showed Javascript injection. It
> > was where a user could type in:
> >
> > <script> alert("Evil Code");</script>
> >
> > and a JavaScript alert would be shown.
> >
> > But now my demo no longer works. So, what happened? Was there a php
> > update that prohibited that sort of behavior or did hosts start
> > setting something to OFF, or what?
> >
> > If you know, please explain.
> >
> > Thanks,
> >
> > tedd
> > --
> > -------
> > http://sperling.com/
> Not that I know of. Are you talking about on-page injection, like comments
> and such? Normally JS injection would be that (bad scripts inserted by the
> user on a comment form or review page) or where you are using eval() and
> they dump bad code into there.
>
> Regards,
>
> -Josh___________________________________________
> Joshua Kehn | Josh.Kehn@xxxxxxxxx
> http://joshuakehn.com
>
>
>
--
Regards,
Shreyas Agasthya
