2010 Jul 5, 4:23Cross-site scripting attack on YouTube over the weekend: "That turned out to be as simple as using two script tags in a row (<script><script>fun scripting stuff goes here!), as noted by
F-Secure researcher Mikko H. Hypponen on Twitter—the first of the two tags would get stripped, and the second was allowed through."
technical youtube security cross-site-scripting javascript
Some rights reserved