Endless Paradigm

I don't visit Youtube often, but some of you who do may have seen this?  Apparently, a HTML exploit was discovered in Youtube's commenting system.  By starting the comment with "<script>", one could insert arbitrary HTML onto the page (or something like that).  The actual tag gets filtered properly, but everything after doesn't.

http://www.google.com/support/forum/p/yo...9910&hl=en

I think comments are hidden now - unsure if the issue is actually fixed or not.

I guess 4chin SUCK people had a bit of a field day with this.

Random comment:

Quote:The evolution of this bug exploit was quite interesting to follow up close.

At first it simply prevented any further comments to be posted.
Then text was added.
Then the text was scrolling.
Suddenly, the entire page was blacked out except for the added text.

And that's when the more technical minded people realized much much more was possible.
Bam! Popups!
Infinite popups that lead to browser crashes!
Page redirects to shock sites!
The most sophisticated version I saw actually replaced the Youtube video in-place with the 1man1jar video..

And when the exploit was blocked in the comments, it had a small resurgence as video reply title, before being smacked down once more.

Glorious.

Woa. I'd like to see proof but it seems like YouTube got exploited alright.

Edit: Then again the "proof" is probably what I don't want to see... :/

I read somewhere that 4chin SUCK changed beiber videos to hershey kisses.

diego Wrote: [ -> ]I read somewhere that 4chin SUCK changed beiber videos to hershey kisses.

guess theres some good in the world after all.

diego Wrote: [ -> ]I read somewhere that 4chin SUCK changed beiber videos to hershey kisses.

lol, guess the exploit was put to good use

that would have been cool to see lol

Haha Rofl

lol @ sensei

yeah ive seen it.. covered the whole page or redirected to goatse :)