
Cross Site Scripting is a Big Problem [bug fixed] - staunch
http://nycs.bigheadlabs.com/search1/?q=%3C%2Fh3%3E%3Ch1+style%3D%22font-size%3A+100px%3B%22%3ECross+site+scripting+is+a+big+problem.%3C%2Fh1%3E%3Cscript%3Ealert%28%22One+must+filter+users+input+or+render+it+harmless+or+bad+things+can+happen.%22%29%3C%2Fscript%3E
======
jasonyan
I guess it's a good thing there's no authentication on that site.

~~~
staunch
Any domain cookies for .bigheadlabs.com are vulnerable, which _could_ be a
real problem (WordPress admin maybe?).

Domains are so cheap now that I almost always buy one for every project (even
hacks) these days, partially just to isolate potential XSS issues.

I didn't mean to imply anything disparaging towards you; this kind of annoying
stuff pops up even at Google. It's so easy to miss a spot, especially on quick
hacks.

Thanks for creating that site, it's an awesome contribution.
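
The cookie-scope point in the comment above, as an added example that is not part of the original thread: it applies the RFC 6265 domain-match rule to a constructed cookie jar to show which cookies script running on nycs.bigheadlabs.com could read, and how host-only scope and HttpOnly narrow that. The blog host and every cookie name are hypothetical; Path and Secure are not modeled.

```javascript
// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain,
// or ends with "." + domain (IP-address hosts are ignored in this sketch).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Names of the cookies that script in a page on `host` can read through
// document.cookie: in scope for that host and not flagged HttpOnly.
function readableByScript(host, cookies) {
  return cookies
    .filter((c) => {
      // A cookie set without a Domain attribute is host-only: exact match.
      const inScope = c.domain
        ? domainMatches(host, c.domain)
        : c.setBy.toLowerCase() === host.toLowerCase();
      return inScope && !c.httpOnly;
    })
    .map((c) => c.name);
}

// Constructed cookie jar. Only nycs.bigheadlabs.com appears in the thread;
// blog.bigheadlabs.com and all cookie names are hypothetical.
const jar = [
  // Domain-wide cookie: shared with every subdomain, readable by script.
  { name: "site_session", setBy: "blog.bigheadlabs.com", domain: ".bigheadlabs.com", httpOnly: false },
  // Domain-wide but HttpOnly: sent to every subdomain, hidden from script.
  { name: "site_session_ho", setBy: "blog.bigheadlabs.com", domain: ".bigheadlabs.com", httpOnly: true },
  // Host-only cookie on another subdomain: out of scope for the search host.
  { name: "blog_admin", setBy: "blog.bigheadlabs.com", domain: null, httpOnly: false },
  // Host-only cookie set by the search host itself.
  { name: "search_prefs", setBy: "nycs.bigheadlabs.com", domain: null, httpOnly: false },
];

// Host where the reflected search parameter is rendered.
const xssHost = "nycs.bigheadlabs.com";
console.log(readableByScript(xssHost, jar)); // [ 'site_session', 'search_prefs' ]

// The same project on its own registered domain (placeholder name) sees none.
console.log(readableByScript("nycs-project.example", jar)); // []
```

HttpOnly only hides a cookie from `document.cookie`; the browser still attaches it to requests sent to hosts in its scope, so keeping side projects on a separate domain, as the comment suggests, removes the shared scope entirely.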

