On 24 January 2012 06:59, Daniel Friesen <lists(a)nadir-seen-fire.com> wrote:
..
Don't delude yourself into thinking that you can
easily blacklist the
elements that would run a script.
http://ha.ckers.org/xss.html
What about using textNodes?
http://stackoverflow.com/questions/476821/is-a-dom-text-node-guaranteed-to-…
--
--
ℱin del ℳensaje.