Ozh
Some "fun" with Cross Site Scripting : skinning Flickr with MSIE
MSIE allows some "cross site scripting" (XSS) which is normally unallowed remote code execution.
Here is a screenshot of my Profile page as viewed in MSIE before the admins fixed this issue (only worked in MSIE, maybe Opera, but not Firefox)
This was done by embedding another style sheet, "hidden" in an image
tag. The external stylesheet used only text and div styles with no use
of image except for the Flickr logo. Ok, it's rather ugly, but I was more on the "proof of concept" than on a design contest :)
I've explained the whole trick on my blog : Cross Site Scripting, Skinning Flickr with MSIE
Some "fun" with Cross Site Scripting : skinning Flickr with MSIE
MSIE allows some "cross site scripting" (XSS) which is normally unallowed remote code execution.
Here is a screenshot of my Profile page as viewed in MSIE before the admins fixed this issue (only worked in MSIE, maybe Opera, but not Firefox)
This was done by embedding another style sheet, "hidden" in an image
tag. The external stylesheet used only text and div styles with no use
of image except for the Flickr logo. Ok, it's rather ugly, but I was more on the "proof of concept" than on a design contest :)
I've explained the whole trick on my blog : Cross Site Scripting, Skinning Flickr with MSIE