

Ask.com doesn't escape their search results? - temuze
http://www.ask.com/web?qsrc=1&o=15142&l=sem&q=openwiki+script+david+alert

======
temuze
The first search result is <script>alert('David')</script>.

This is coming from one of the oldest, largest search engines on the web? I'm
pretty astounded.

It's already been reported. Credit where credit is due:
[http://www.reddit.com/r/xss/comments/jvc70/httpwwwaskcom_xss...](http://www.reddit.com/r/xss/comments/jvc70/httpwwwaskcom_xss_no_idea_what_i_did_p/)

~~~
geekam
Oldest I agree but Largest?

~~~
temuze
How many people running IE 6 have an Ask toolbar hidden up there somewhere?
Sure, it only has 1.7% of total searches on the web, but I'd wager that their
user base probably does far less searches than say, Google's user base.

