Hehe. I've seen this before. When a News.YC user dataset was released I downloaded it and noticed that this user's file was the largest, so I checked it out.
Now out of curiosity, how did you find this user? He hasn't been very active it seems since he signed up over a year ago. (I see only one comment for this user).
I apologize. I didn't mean to assume anything. I used the fact that this user has made 1 comment over a year ago and had only 2 karma from that one comment to base my statement. It's also why I said it "seemed" that he hasn't been active. That's why I was wondering how this user was found.
"... I apologize. I didn't mean to assume anything. I used the fact that this user has made 1 comment over a year ago and had only 2 karma from that one ..."
Don't appologise - there is nothing wrong with your comment. I was just pointing there is an existing user that made it. I didn't want to name them w/o being sure.
I can't guarantee its safety, but I glanced at his JS, and it seems harmless.
(later edit: I probably should have posted this during the day to give someone a chance to fix it so no one new actually exploits this... should I delete it?)
haha wait, the javascript injection is "broken" in IE? so does the injection just not work or does it work but the effect looks crappy? because if the injection doesn't work i sure wouldn't call that broken.