[Zope] Re: [Zope-dev] New: Cross Site Scripting vulnerability
Thomas B. Passin
tpassin@mitretek.org
Tue, 25 Sep 2001 14:17:50 -0400
[Bill Anderson]
> > umm chris,
> >
> > you're right, but this example
> >
> >
http://www.zope.org/Documentation/<SCRIPT>alert(document.domain)</SCRIPT>
> >
> > executes the script. I don't exactly see why/where but I feel
>
> Perhaps it is a browser thing? It isn't being executed by Galeon.
>
>
> Bill
>
Pasting that URL into IE and Netscape 4.73 in Win2000 didn't execute it
either.
Tom P