[thelist] more XSS vectors to be aware of
trevor
trevor at intospace.ca
Sat Feb 9 11:34:25 CST 2008
Greetings!
I know some people on this list are keeping aware of security issues - I
recently discovered this thread, and I thought I would share, so any
webmasters out there who inspect their own weblogs and such can test this
for themselves.
http://www.technicalinfo.net/blog/security/20080121_UserAgentAttacks.html
I tested a bunch of variants, while using a couple "popular" stats reporting
apps, and they were sanitizing properly - but in case anyone is rolling
their own, hope it helps someone.
best regards,
trevor
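
An added example, not part of the message above or of the linked article: a minimal roll-your-own User-Agent report that HTML-escapes every log-derived value at output time. It assumes the Apache/nginx "combined" log format; the log lines, addresses and function names are constructed for illustration.

```python
import html
import re
from collections import Counter

# Assumption: "combined" log format, where the last two quoted fields are
# Referer and User-Agent. Both are client-supplied and untrusted.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ '
    + QUOTED + ' ' + QUOTED + r'$'
)

# Constructed sample lines (documentation-range IPs, harmless test marker).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Feb/2008:11:30:01 -0600] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"',
    '203.0.113.9 - - [09/Feb/2008:11:31:44 -0600] "GET / HTTP/1.1" 200 512 "-" "<script>alert(1)</script>"',
    '203.0.113.9 - - [09/Feb/2008:11:32:10 -0600] "GET /a HTTP/1.1" 200 90 "http://example.test/?q=<b>" "<script>alert(1)</script>"',
]


def count_agents(lines):
    """Tally User-Agent strings; lines that do not parse are skipped."""
    counts = Counter()
    for line in lines:
        m = COMBINED.match(line.rstrip("\n"))
        if m:
            counts[m.group(6)] += 1  # group 6 is the User-Agent field
    return counts


def render_report(counts):
    """Build the HTML table, escaping each logged value where it is output."""
    rows = [
        "<tr><td>%s</td><td>%d</td></tr>" % (html.escape(agent, quote=True), hits)
        for agent, hits in counts.most_common()
    ]
    header = "<tr><th>User-Agent</th><th>Hits</th></tr>"
    return "<table>\n%s\n%s\n</table>" % (header, "\n".join(rows))


def suspicious_agents(counts):
    """List agents containing markup characters, for manual review."""
    return sorted(a for a in counts if re.search(r'[<>"\']', a))


if __name__ == "__main__":
    tallies = count_agents(SAMPLE_LOG)
    print(render_report(tallies))
    print("review:", suspicious_agents(tallies))
```

The same escaping applies to any other logged request field the report displays, such as the Referer.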