Page 82 - Hands-On Bug Hunting for Penetration Testers
Unsanitized Data – An XSS Case Study Chapter 4
A plain script tag, without any obfuscation, escape characters, or exotic attributes, is a
pretty slow pitch, as follows:
When we look at the result of the submission, no alert window is displayed and there's
nothing else to trigger the execution of the code, as follows:
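A missing alert window only tells you that this one payload did not fire; it does not tell you why. Before moving on to obfuscated or attribute-based payloads, it is worth checking how the plain tag came back in the response: intact, entity-escaped, stripped, or not reflected at all. The following helper is an added example and is not code from the book; the function names, the sample responses (constructed here for illustration) and the `q` parameter name are assumptions, not details of the site under test.

```python
import html
import re
import urllib.parse
import urllib.request

# The unobfuscated probe from the text: a plain script tag with no tricks.
PROBE = '<script>alert(1)</script>'


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Report how a probe string was reflected in an HTTP response body.

    Returns one of:
      'verbatim' - the tag survived intact. If no alert fired, it was most
                   likely inserted by a DOM API (e.g. innerHTML), which does not
                   execute <script> elements; an event-handler payload such as
                   an <img onerror> is the next thing to try.
      'escaped'  - the tag was entity-encoded; the browser renders it as text.
      'stripped' - the tag was removed but its inner text kept: a filter is in
                   play and may be bypassable with a different tag or casing.
      'absent'   - nothing recognisable came back; the input was dropped or
                   rendered elsewhere (another page, a log, an email).
    """
    if probe in body:
        return 'verbatim'
    if html.escape(probe, quote=True) in body:
        return 'escaped'
    # Inner text with every tag removed, e.g. 'alert(1)'.
    inner = re.sub(r'<[^>]*>', '', probe)
    if inner and inner in body:
        return 'stripped'
    return 'absent'


def probe_param(url: str, param: str = 'q', probe: str = PROBE,
                timeout: float = 10.0) -> str:
    """Send the probe as a GET parameter and classify its reflection.

    Assumed usage; the target URL and parameter name are placeholders.
    Only run this against systems you are authorised to test.
    """
    query = urllib.parse.urlencode({param: probe})
    sep = '&' if '?' in url else '?'
    with urllib.request.urlopen(url + sep + query, timeout=timeout) as resp:
        body = resp.read().decode('utf-8', errors='replace')
    return classify_reflection(body, probe)


if __name__ == '__main__':
    # Constructed sample responses standing in for a real search page.
    samples = {
        'reflected as-is':    '<p>You searched for: <script>alert(1)</script></p>',
        'entity-encoded':     '<p>You searched for: &lt;script&gt;alert(1)&lt;/script&gt;</p>',
        'tag removed':        '<p>You searched for: alert(1)</p>',
        'not reflected':      '<p>Thanks for your submission.</p>',
    }
    for label, body in samples.items():
        print(f'{label:18} -> {classify_reflection(body)}')
```

The point of the classification is to decide the next move rather than to keep throwing payloads: an escaped reflection means the output encoding is doing its job in this context; a stripped one points at a blacklist worth probing; a verbatim reflection with no alert is the case the text describes, where the markup is present but nothing triggers it.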