I “tweeted” about this but I had to post it here as well. I just realized that my new article for SearchSoftwareQuality.com on XSS actually executes JavaScript when loading because of some sample code I inserted into it!! It’s not actual XSS but looks like it! Ahh the irony.
Finding cross-site scripting (XSS) application flaws checklist
BTW, I’m working on getting it resolved…