Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

The JavaScript alert(), confirm() and prompt() functions in Firefox, Opera and MSIE (but not Safari) will truncate the message after any null character. So an unsuspecting programmer who inserts user-provided text into one of these dialog boxes opens up an opportunity for the user to rewrite the bottom of the dialog box.

Neil Fraser

Posted 13th January 2007 at 12:28 pm

Tagged , ,

0 comments

No comments.

Sign in with OpenID

Auto-HTML: Line breaks are preserved; URLs will be converted in to links.

Manual XHTML: Enter your own, valid XHTML. Allowed tags are a, p, blockquote, ul, ol, li, dl, dt, dd, em, strong, dfn, code, q, samp, kbd, var, cite, abbr, acronym, sub, sup, br, pre

A django site