gbulmash's Journal: CSS Trick Hijacks MySpace Pages, Blogs

I got a MySpace friend request this morning. When I clicked over to the person's page, I found that clicking just about anywhere on it sent me to a porn site. Looking at the source, I found that this was accomplished through a simple piece of CSS. Wondering how effective it was, I tried it on my Akismet-protected blog and another and was able to hijack the pages. Seems that anywhere that you allow people to put HTML tags in a comment, unless you're filtering for this, they may be able to hijack the page where the comment is displayed.