> > http://www.cybercash.com/<script>alert('hi')</script> > > or > > http://www.verisign.com/ <http://www.cybercash.com/><script>alert('hi')</script> > > Not sure how big a deal this is... but seeing as how the name verisign > is associated with "Security" I think it should be looked at. This > didn't work from my Mozilla browser on linux but it did from IE on > win2k... could be a browser detection method causing the varied results. > -KF >
Because of the popularity of XSS/CSS holes I have written a FAQ on the subject. Should be out in a week or so. If anyone has questions about cross site scripting throw me an email and I'll maybe add it to the faq. - [EMAIL PROTECTED] > >