We
-
Has anybody got a spare html_escape function left?
Maybe Petsmart.com has one...
PS: Alex, please do not exploit this vulnerability!
-
Hmm, either it's fixed now or The Real WTF is Google's RSS reader.
-
It might be that this is not so much a vulnerability as just a bad attempt at escaping HTML, i.e., blindly removing everything that looks like it might be a tag.
-
I expect Google Reader to be The Real WTF™.
-
@MyKey_ said:
I expect Google Reader to be The Real WTF™.
Google makes mistakes?
Quick, liquidate all of your GOOG before the world finds out!
-
I've noticed that the RSS reader on iGoogle has issues with all sorts of characters. Sometimes it just leaves things like "&" the way they are, and sometimes it breaks entirely...
-
Well it is escaped in the RSS, which means that Google didn't just not escape it, but actually unescaped it. WTF.
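The two failure modes discussed in the thread (blind tag removal, and a reader that decodes the feed's escaping without re-encoding for HTML), next to context-appropriate escaping. This is an added example, not part of the original posts and not Google's code; the feed item and the function names are constructed for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed feed item (not from the thread): the title is correctly
# escaped at the XML layer, as the last post says the real feed was.
FEED = """<rss version="2.0"><channel><item>
<title>if a &lt; b &amp;&amp; c &gt; d then &lt;blink&gt;WTF&lt;/blink&gt;</title>
</item></channel></rss>"""


def item_title(feed_xml):
    # The XML parser undoes the XML-layer escaping. What comes back is
    # plain text, not HTML, and it is still untrusted input.
    return ET.fromstring(feed_xml).find("./channel/item/title").text


def render_raw(text):
    # Reader that "unescaped it": decoded text is dropped into the page
    # as-is, so anything tag-shaped becomes live markup.
    return "<h2>" + text + "</h2>"


def render_stripped(text):
    # "Blindly removing everything that looks like it might be a tag":
    # no markup survives, but legitimate text between < and > is lost.
    return "<h2>" + re.sub(r"<[^>]*>", "", text) + "</h2>"


def render_escaped(text):
    # Re-encode for the HTML output context; the title displays exactly
    # as the author wrote it and nothing is interpreted as markup.
    return "<h2>" + html.escape(text, quote=True) + "</h2>"


if __name__ == "__main__":
    title = item_title(FEED)
    for render in (render_raw, render_stripped, render_escaped):
        print(f"{render.__name__:16} {render(title)}")
```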