XSS? [script]window.alert('XSS! ' + document.cookie)[/script]
Question: is there a XSS in the "Side Bar WTF" widget on the front page of the main Daily WTF site? The previous post about <filename>.dmg showed up on the main site with the <filename> bit not escaped, which makes me wonder how this post will show up.
Also: What is it with blocking Mailinator email addresses? It's not like I'm going to trust my real email address to the people who wrote this...
And yay! The exploit is live and working on the front page.
TDWTF has been h4xxored