XSS? [script]window.alert('XSS! ' + document.cookie)[/script]
-
Question: is there a XSS in the "Side Bar WTF" widget on the front page of the main Daily WTF site? The previous post about <filename>.dmg showed up on the main site with the <filename> bit not escaped, which makes me wonder how this post will show up.
Also: What is it with blocking Mailinator email addresses? It's not like I'm going to trust my real email address to the people who wrote this...
-
And yay! The exploit is live and working on the front page.
-
TDWTF has been h4xxored