On Mon, Apr 18, 2011 at 02:42:09PM -0400, tedd wrote:
[snip]
>
> No, I had a simple form where IF the user entered:
>
> <script> alert("Evil Code");</script>
>
> -- into the form's text field (i.e., $_POST['text'] ) AND clicked
> Submit, the form would
>
> echo( $_POST['text'] );
>
> -- and that would produce a JavaScript Alert.
>
> Here's the form:
>
> http://php1.net/a/insecure-form/index.php
>
> It was a simple working example of JavaScript Injection. But it no
> longer works and I want to find out why. The most popular reason
> thus far is "Browsers have changed", but I'm not sure as to what did
> change.
No longer works for *you*. Works fine for me. Ergo, I have to assume
it's a browser issue.
Paul
--
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
