On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
>
> Quite some time ago I had a demo that showed Javascript injection. It
> was where a user could type in:
>
> <script> alert("Evil Code");</script>
>
> and a JavaScript alert would be shown.
>
> But now my demo no longer works. So, what happened? Was there a php
> update that prohibited that sort of behavior or did hosts start
> setting something to OFF, or what?
>
> If you know, please explain.
>
> Thanks,
>
> tedd
> --
> -------
> http://sperling.com/
Not that I know of. Are you talking about on-page injection, like comments and
such? Normally JS injection would be that (bad scripts inserted by the user on
a comment form or review page) or where you are using eval() and they dump bad
code into there.
Regards,
-Josh___________________________________________
Joshua Kehn | [email protected]
http://joshuakehn.com
