[color=blue][b]Description:[/b][/color]
Actually our current js linker, especially the one on the current generator, has a security hole that makes people able to put some kinda malicious script by ins
[quote=November]Notice this part on the generated code..
<a href='URL OF JS' id='cradle'></a>
that's the thing.. u can actually insert the same id on comment usually by inserting fake image with js on it.[/quote]
I don't really understand this part, how come a link can execute js...
ain't that incomplete...
and since script can't be read without any conversion since fs filtered that part...
I think there's nothing to worry unless some wicked individuals will try to find out.. but since this thread is open.. then u juz gave away a hint...
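
Added example, not part of the thread and not the generator's own code: a defensive lookup for the anchor quoted above, which refuses to proceed when more than one element carries the id, when the element is not an <a>, or when its href is off an allowlist. It assumes the linker loads the script named by the href of the element with id "cradle"; resolveCradleUrl, fakeDoc and the scripts.example.org origin are hypothetical names.

```javascript
// Added example. Assumption: the linker loads the script named by the href of
// the element with id "cradle". The origin below is a hypothetical placeholder.
const ALLOWED_ORIGINS = new Set(["https://scripts.example.org"]);

function resolveCradleUrl(doc, allowedOrigins = ALLOWED_ORIGINS) {
  // Enumerate every element carrying the id instead of trusting the single
  // result of getElementById: a duplicate id makes that lookup ambiguous.
  const matches = Array.from(doc.querySelectorAll('[id="cradle"]'));
  if (matches.length !== 1) {
    return { ok: false, reason: `expected 1 cradle element, found ${matches.length}` };
  }
  const el = matches[0];
  if (String(el.tagName).toUpperCase() !== "A") {
    return { ok: false, reason: "cradle is not an <a> element" };
  }
  let url;
  try {
    url = new URL(el.getAttribute("href")); // throws on missing or relative href
  } catch (err) {
    return { ok: false, reason: "href is not an absolute URL" };
  }
  if (url.protocol !== "https:" || !allowedOrigins.has(url.origin)) {
    return { ok: false, reason: `origin not allowed: ${url.origin}` };
  }
  return { ok: true, url: url.href };
}

// Constructed stand-in for a DOM so the check runs outside a browser.
function fakeDoc(elements) {
  const wrap = (e) => ({ tagName: e.tag, getAttribute: (n) => e.attrs[n] ?? null });
  return { querySelectorAll: () => elements.filter((e) => e.attrs.id === "cradle").map(wrap) };
}

// Constructed sample elements: the generated anchor and a second element reusing its id.
const generated = { tag: "a", attrs: { id: "cradle", href: "https://scripts.example.org/linker.js" } };
const duplicate = { tag: "img", attrs: { id: "cradle", src: "https://other.example.net/x.png" } };

console.log(resolveCradleUrl(fakeDoc([generated])));            // accepted
console.log(resolveCradleUrl(fakeDoc([duplicate, generated]))); // rejected: duplicate id
```

In a browser the real document object can be passed in place of fakeDoc. The check only limits the damage; ids in user-submitted markup still need to be stripped or escaped on output.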