>How is that a problem here? Your previous message doesn't render with any active content...
I was just fixing this up. Actually looks like Michel has fixed a lot of them now (used to be able to get ANY tag to work just by putting spaces between the brackets).
But the following vulnerability still exists:
Click here for cross Site Scripting Exposure here
It'll pop up an alert box, but this can be used to get people to click and capture, say, your cookie here. But at least the drive-by XSS attacks look like they are addressed now.
+++ Rick ---
>
>>There are actually huge security holes here. You can pretty much add any attribute if you leave spaces between the brackets.
>>
>>< script >alert('Gotcha')< /script >
>>
>>test
>>
>>+++ Rick ---
>>
>>>If you try to preview or save a message with an unsupported HTML tag you get an error message. The message lists the tags that are supported, but that list is incomplete.
>>>
>>>For example, the Superscript tag is supported.