Some of you might ask now: Why would this be a security leak?
Well, have a look at my userpage. You can see a small gif with text around it that says "Klicke hier für Hilfe" ("Click here for help").
So, the security leak is:
- By allowing anything with a src attribute, you open up a security hole.
- It is a violation of the privacy of your website's members.
- Unwanted windows might open up.
- Someone could use my example script to claim to be part of the website's staff and ask for a password, or do other harm to the visitors of your site.
So please don't allow all html-tags. :)
Greetings from sunny Germany!
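The post argues that a forum which lets members write arbitrary HTML (anything with a src attribute, script, windows popping up) is exposing its visitors. The usual fix is the opposite of a blocklist: keep a short allowlist of harmless formatting tags and attributes and drop everything else. The sanitizer below is an added example written for this thread, not code from the forum software or from the original poster; the tag allowlist, the `SAFE_URL_SCHEMES` tuple and the `SAMPLE_POST` input are all assumptions constructed for the demonstration, and the sample is modelled on the "gif with text around it" trick the post describes.

```python
"""Allowlist-based HTML sanitizer for member-supplied markup (added example).

Assumptions (not from the original post): the site stores member HTML and
wants to keep simple formatting while dropping anything that loads remote
content (src), runs script, reacts to events (on*), or opens windows.
"""
import html
from html.parser import HTMLParser

# Tags a member may use, and the attributes permitted on each (assumed policy).
ALLOWED_TAGS = {
    "b": set(), "i": set(), "u": set(), "em": set(), "strong": set(),
    "p": set(), "br": set(), "a": {"href", "title"},
}
VOID_TAGS = {"br"}
# Whose *content* is discarded too, not just the tag itself.
DROP_CONTENT = {"script", "style", "iframe", "object"}
SAFE_URL_SCHEMES = ("http://", "https://")


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []   # tag names removed, useful for logging abuse attempts
        self.skip = 0       # >0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            name = name.lower()
            # Drops src, style, target, onclick, onload, ... for every tag.
            if name not in ALLOWED_TAGS[tag] or name.startswith("on"):
                continue
            if name == "href":
                v = (value or "").strip().lower()
                # Blocks javascript:, data:, vbscript: and scheme-less tricks.
                if not v.startswith(SAFE_URL_SCHEMES):
                    continue
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip > 0:
            self.skip -= 1
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skip:
            return  # text inside <script>/<style>/<iframe>/<object> is discarded
        # Everything that is not an allowed tag is emitted as escaped text.
        self.out.append(html.escape(data, quote=False))
    # Comments, processing instructions and declarations are dropped by default.


def sanitize(fragment):
    """Return (clean_html, dropped_tag_names) for a member-supplied fragment."""
    p = AllowlistSanitizer()
    p.feed(fragment)
    p.close()
    return "".join(p.out), p.dropped


# Constructed sample input, modelled on the image-plus-"click here" trick.
SAMPLE_POST = (
    '<img src="http://example.invalid/help.gif" onload="steal()">'
    '<a href="javascript:alert(1)">Klicke hier für Hilfe</a> '
    '<b>hi</b> <script>x()</script> 1 < 2'
)

if __name__ == "__main__":
    clean, dropped = sanitize(SAMPLE_POST)
    print(clean)
    print("dropped tags:", dropped)
```

The remote image is gone, the `javascript:` link is reduced to plain text, the script body never reaches the page, and the stray `<` in the text is escaped rather than interpreted. The `dropped` list is worth writing to a log: a member who repeatedly submits `img`, `script` or `iframe` tags is exactly the account the original post is warning about.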