Interesting.... I'm curious as to what kind of validation is used on the " parameter when it's used in an HREF tag.
On a side note, I recently came across something similar to the [EMAIL PROTECTED] phishing trick. The url below demonstrates the vulnerability:
As you can see... the URL above will direct the user to seclists.org. I'm guessing this has more to do with the way DNS handles the request as opposed to browser vulnerabilities. It could be used for phishing attacks though.....
BK
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/