Archive for May, 2006
This particular variant was submitted by and was based partially off of Ozh’s protocol resolution bypass. Thiscross site scripting example works in IE, Netscape in IE rendering mode and Opera if you add in a tag at the end. However, this is especially useful where space is an issue, and of course, the shorter your domain, the better. The “.j” is valid, regardless of the MIME type because the browser knows it in context of a SCRIPT tag.
Posted in 
Tags: 