[tonyarkles]

> I could also respond with code that would be eval'd making development very easy

In dev only, I hope?! I honestly love the idea as a super fun hack, but the security implications for prod are terrifying.

[geocar]

Not sure there was much risk: The web application used a private IRC server with name+password registered users. L3 support who /msg'd a user session some JavaScript doesn't seem likely as the messages were all logged, and anyone with fileserver access could just put whatever they want in the <script> tag anyway...