Tag: xss

• posts

• IE, JSON, and the script tag

  Feb 14, 2009

  • javascript
  • json
  • ie
  • xss
  My coworker recently introduced me to one of the most blatantly bad behaviors in web browser history. He introduced it thus: Out[1]: simplejson.dumps({'foo': '<script>alert(document.cookie);</script>'})Out ...