Hello, > This is actually more than just another hotmail glitch. Many (all?) web > services are doing things wrong: Yes, the problem with JavaScript enitities (ie, &{<expression>};) happens all of over the Web. Here are some places that I have found where it is possible to inject JavaScript code into Web pages: 1. Most Web Email services 2. Most Web message board software 3. Most guest book software 4. Yahoo profiles (this has now been fixed) 5. Techstocks Web board messages. 6. Some search engine result pages 7. eBay auction postings 8. Netcenter (now fixed) Basically a JavaScript enitity can be added to the end of any URL for an image or a link. When the page is displayed, the code in the enitity is executed. Pretty much any Web site that allows user supplied information can have the problem. Richard
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:54 PDT