Submission + - Question on forums and remote javascript execution
movdqa writes: "This is more of a question than a story.
I use a forum site from time to time and someone showed some nifty tools to display inline images of charts given ticker symbols. The code uses the tag to execute some code that then executes Javascript code on a remote site. This seems like a security hole to me.
I notified the website that I suspected that they have a security hole in their software. Do the folks here consider this a security hole or am I being overly paranoid? What do folks here do when they run into this sort of thing?"
I use a forum site from time to time and someone showed some nifty tools to display inline images of charts given ticker symbols. The code uses the tag to execute some code that then executes Javascript code on a remote site. This seems like a security hole to me.
I notified the website that I suspected that they have a security hole in their software. Do the folks here consider this a security hole or am I being overly paranoid? What do folks here do when they run into this sort of thing?"