Looking at the code of the spoiler plugin:
1) it's definitely the problem
2) I'm pretty sure I could string together arbitrary javascript because it allows dot and parentheses, which means I have access to eval() and can generate characters I need with String.fromCharCode().
Your risk profile is kind of limited because members need to be approved, and it still needs user interaction.
1) it's definitely the problem
2) I'm pretty sure I could string together arbitrary javascript because it allows dot and parentheses, which means I have access to eval() and can generate characters I need with String.fromCharCode().
Your risk profile is kind of limited because members need to be approved, and it still needs user interaction.
"Kitto daijoubu da yo." - Sakura Kinomoto