I found following problem in the WebBoard:
The Board has a paging function. User A can send a message to user B. User
B gets a javascript popup (produced with alert()) with the message from user
A.
The problem is that user A can close the alert() function and so he can
execute his javascript code on user B's machine.
Example of a message wich executes my code:
\');for(i=0;i<100000;i++) alert("not nice"); //
There is a function that escapes the ' but if i escape it it will be escaped
a second time ... the effect is that then the \ will escaped and the alert
is closed. so after that i can put my code! // (comment) this comment is
needed becaus there is still a '); from the alert, with the help of the
commen this will not produce an error.
greets helli
