Posted by Carl Vondrick on 05/05/06 06:11

Ben Holness wrote:
> Is there anything else I should check for?
You can put JavaScript in CSS. Example:

background-image : url('javascript:alert(msg);');

> How vulnerable does having this option leave me?
If you do it properly, you should not have any problems. My suggestion is
to implement Smarty in this case, as then you give your visitors COMPLETE
control.

--
Carl Vondrick
Web-Enginner
www.CarlSoft.net
To contact me, please use my website.

[Back to original message]