by try_again
1681 days ago
That's really just a failure of input sanitation or not properly escaping special characters or putting the comment in CDATA when constructing the XHTML. Basically that blog allowed an injection attack. Not XHTML's fault, the same software would have allowed any comment to do god knows what in HTML.
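Added example, not part of the comment above or of the blog software it refers to: a Python sketch of the three ways a comment can be placed into an XHTML page (raw concatenation, entity escaping, CDATA), with a parser check showing what each does to the document. The page template, function names and sample comments are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XHTML_NS = "http://www.w3.org/1999/xhtml"
# Constructed page template; {} is where the visitor's comment is placed.
PAGE = ('<html xmlns="' + XHTML_NS + '"><body>'
        '<div class="comment">{}</div></body></html>')


def render_unsafe(comment):
    # Raw concatenation: any markup in the comment becomes part of the page.
    return PAGE.format(comment)


def render_escaped(comment):
    # escape() rewrites &, < and > so the comment stays character data.
    # This covers element content only; attribute values need quoteattr().
    return PAGE.format(escape(comment))


def render_cdata(comment):
    # A CDATA section ends at the first "]]>", so that sequence is split
    # across two sections; otherwise the comment could close the section.
    safe = comment.replace("]]>", "]]]]><![CDATA[>")
    return PAGE.format("<![CDATA[" + safe + "]]>")


def parse(doc):
    """Return (well_formed, comment text, number of child elements)."""
    try:
        root = ET.fromstring(doc)
    except ET.ParseError:
        return (False, None, None)
    div = root.find(".//{%s}div" % XHTML_NS)
    return (True, "".join(div.itertext()), len(list(div)))


if __name__ == "__main__":
    # Constructed sample comments.
    for comment in ("I <b>disagree", "nice <i>post</i>", "a ]]> b & c <x>"):
        for render in (render_unsafe, render_escaped, render_cdata):
            print(render.__name__, repr(comment), parse(render(comment)))
```

A strict XML parser rejects the whole page when the unescaped comment contains an unclosed tag, while the escaped and CDATA forms keep the comment as text with no child elements.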