[thelist] Defining Irony, the XSS way

Christian Heilmann codepo8 at gmail.com
Fri Jun 15 09:27:54 CDT 2007

On 6/15/07, Joel D Canfield <joel at streamliine.com> wrote:
> > http://www-1.ibm.com/support/docview.wss?uid=swg21233077&loc=%
> > 22%3E%3Cbody%20onload=alert('FAIL')%20x=%22en_US
> I'm missing the point - if the page is told to alert 'FAIL' and it does,
> how is that ironic?

It is a tutorial about Cross Server Scripting attacks and how to
prevent them. The "fail" alert is injected to the page via XSS, so the
page itself is not protected against the thing it explains how to
protect yourself against.

Chris Heilmann
Book: http://www.beginningjavascript.com
Blog: http://www.wait-till-i.com
Writing: http://icant.co.uk/

More information about the thelist mailing list