by elsamuko 4479 days ago
Looks nice, but please sanitize your input:

http://www.whatsmybrowser.org/b/STOW3UD

Also the site completely breaks if I add rare Unicode characters at the end of the user agent:

🐧

4 comments

I'm interested in what's happening here. Can you provide a link/more info on what the XSS issue is?

(I honestly don't know and would love to learn about this. Thanks)

From what I can see, the issue is fixed now. But simply, someone put HTML in their user agent, the site copied it as text, and included it as text in the HTML. The browser then interpreted it as HTML, and executed the JavaScript.

The fix is to parse inputs, and replace < and > with HTML entities. You can see this fix if you read the source for the page.
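The escaping step described in the reply above, as an added example in JavaScript (this is not whatsmybrowser.org's code, and the site's actual stack and fix are not shown here). It puts the vulnerable string concatenation next to the fixed version, and escapes `&` and quotes as well as `<` and `>` so the same helper is also safe inside attribute values. The User-Agent strings are constructed samples. The code-point-safe truncation helper at the end is an assumption: the thread does not say why a trailing rare character broke the site, and cutting a string on a UTF-16 unit boundary is only one plausible cause.

```javascript
// Added example (not the site's own code): HTML-escape an untrusted
// User-Agent header before embedding it in a page.

// Characters that can change HTML context and their entity forms.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape every context-changing character in one pass. The regex works on
// single UTF-16 units, so surrogate pairs (emoji etc.) pass through intact.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: the raw header is concatenated into the markup, so
// any tags inside it become live HTML and any script inside them runs.
function renderVulnerable(userAgent) {
  return `<p>Your browser: ${userAgent}</p>`;
}

// Fixed rendering: the header is escaped first, so the browser displays the
// literal text "<script>" instead of interpreting it as a tag.
function renderFixed(userAgent) {
  return `<p>Your browser: ${escapeHtml(userAgent)}</p>`;
}

// Check for a test or response filter: an escaped untrusted value must not
// contain a raw angle bracket or a bare ampersand.
function isFullyEscaped(value) {
  return !/[<>]/.test(value) && !/&(?!(amp|lt|gt|quot|#39);)/.test(value);
}

// Assumption, not stated in the thread: truncating by code point instead of
// by UTF-16 unit, so a trailing astral character such as a penguin emoji is
// never split into a lone surrogate that downstream code may choke on.
function truncateByCodePoint(text, maxCodePoints) {
  return Array.from(text).slice(0, maxCodePoints).join('');
}

// Constructed sample headers (not taken from the thread).
const SAMPLE_UA_XSS = 'Mozilla/5.0 <script>alert(1)</script>';
const SAMPLE_UA_EMOJI = 'Mozilla/5.0 (X11; Linux x86_64) 🐧';

console.log(renderVulnerable(SAMPLE_UA_XSS)); // tags survive: XSS
console.log(renderFixed(SAMPLE_UA_XSS));      // tags become &lt;script&gt;
console.log(renderFixed(SAMPLE_UA_EMOJI));    // emoji is left untouched
```

`escapeHtml` is the whole fix for text nodes; if the value is ever placed inside a `<script>` block or a URL, a context-specific encoder is needed instead, because entity encoding does not protect those contexts.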

Post on Hacker News, expect to get "hacked".

This appears to be fixed, but I did like the alert text in your stored XSS. Probably the first XKCD comic I ever read.