On Friday 27 April 2007 20:37, Cristian Rodriguez R. wrote:
Randall R Schulz wrote:
You've got to clarify this. I see an HTML form that submits PHP code.
no, the html form does not submit PHP code, what you are seeing **is** PHP code mixed with html, that is interpreted on the server.
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
will be displayed to the user browser as:
<form method="post" action="myscript.php">
where myscript.php is the name of the current script in execution.
in this case, the programmer's laziness permits an XSS attack.
I see.
...
How is that not an avenue for an injection exploit?
it is, but for XSS.
What is XSS?
XSS == Cross Site Scripting
I'm aware of the issue, just not the acronym.

RRS
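
An added example, not part of the original thread: the form pattern from the quoted message beside two hardened variants. The function names and the sample request values are constructed for illustration; the injected markup is a harmless marker.

```php
<?php
// Added illustration; function names and sample values are constructed.

// Pattern from the thread: PHP_SELF is echoed into the attribute unescaped.
// PHP_SELF includes any extra path text that follows the script name in the
// request URL, so it is request-controlled input, not a constant.
function form_action_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Fix 1: HTML-escape the value for a quoted attribute context.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $self . '">';
}

// Fix 2: use SCRIPT_NAME, which omits trailing path info, and still escape it.
function form_action_script_name(array $server): string
{
    $name = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $name . '">';
}

// Constructed request: marker markup appended after the script name.
$server = [
    'SCRIPT_NAME' => '/myscript.php',
    'PHP_SELF'    => '/myscript.php/"><b>injected</b>',
];

// The first line shows the attribute being closed early by the request path;
// the other two keep the value inside the quoted attribute.
echo form_action_vulnerable($server), "\n";
echo form_action_escaped($server), "\n";
echo form_action_script_name($server), "\n";
```

Omitting the `action` attribute entirely also makes the form post back to the current URL without echoing any server variable into the page.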