by nickbw 5856 days ago
A couple folks have kindly pointed out that it's wide open to XSS attacks, since it allows full HTML posting.

This is 100% true ... and doesn't matter one bit. The only information to steal via XSS is the password, and anyone who can submit an attack necessarily already knows the password.

You can exploit this to annoy friends you're chatting with. Try, for example, submitting:

<style>body { background: #cc3333; } a { color: #cc3333 }</style>

1 comments

... and of course, XSS here means "attackers can turn the crypto off."
... and why did you give your chat password to someone who will use it to turn off the crypto? >_>