Wikipedia:Phase II bug reports: Difference between revisions
Titles with funny tags -- search page's fault?
the evil javascript from Goatsec.xs
Line 248:
:This is partially fixed; non-approved HTML tags are no longer let through, but they're not checked for internal safety. I.e., I can still do the <u style="color:blue;cursor:pointer;" onclick="alert('Whoa.')">same thing</u> using a "safe" tag. JavaScript-related elements should definitely be removed... --[[user:Brion VIBBER|Brion VIBBER]] 2002/02/06
Here's another example of evil javascript I found over in the Goatsec.xs article. It used to lead to the web page in question, but I've rewritten it to spare your eyeballs. Just move your mouse pointer over the link and then, without clicking it, move your mouse pointer off of it again. <u onmouseout="document.___location='h'+'ttp://www.wikipedia.com/wiki/Goatse.cx'">http://www.wikipedia.com/wiki/Goatse.cx</u>
----
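The gap reported above is that tags are allowlisted but their attributes are not. The following is an added example, not the wiki software's own code, of a filter that allowlists both; the tag and attribute lists and the names `AttrCheckingSanitizer` and `sanitize` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for illustration; not the wiki software's real lists.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong"}
ALLOWED_ATTRS = {"title"}  # deliberately excludes style and every on* handler


class AttrCheckingSanitizer(HTMLParser):
    """Allowlist tags AND attributes; anything else is dropped or escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []      # sanitized output fragments
        self.dropped = []  # (tag, attribute) pairs removed, for logging

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Unknown tag: show it as literal text instead of markup.
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = ""
        for name, value in attrs:
            if name in ALLOWED_ATTRS:
                kept += f' {name}="{escape(value or "")}"'
            else:
                self.dropped.append((tag, name))
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        text = f"</{tag}>"
        self.out.append(text if tag in ALLOWED_TAGS else escape(text))

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(markup):
    """Return (safe_markup, dropped_attributes) for a wikitext fragment."""
    parser = AttrCheckingSanitizer()
    parser.feed(markup)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out), parser.dropped


# The "safe tag" case from the bug report above.
REPORTED = ("<u style=\"color:blue;cursor:pointer;\" "
            "onclick=\"alert('Whoa.')\">same thing</u>")
if __name__ == "__main__":
    print(sanitize(REPORTED))
```

The list of dropped attributes is returned so that an edit carrying event handlers can be logged or flagged for review as well as cleaned.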