ljnp4u (ljnp4u) wrote in lj_dev,

JavaScript exploit.

Someone still awake?
I'm going to bed so I'll just drop this here:

I discovered a way to run JavaScript on LiveJournal.

I think it's fairly easy to clean up with the cleanhtml.pl, but I'll let you play with it because just plainly stripping it would get rid of an otherwise beautiful thing.

Anyway, I made an example post here: http://www.livejournal.com/talkread.bml?journal=ljnp4u&itemid=100792
It is a private post, I assume the right people to deal with this issue have a way of reading this post, and this would be a good place to reach them.

If not, the things that were written in that post have been copied to bradfitz@livejournal.com
