18 Dec 2008 by Sonvir Singh Attri
What this means is that, if you wanted to, you could embed exploits. Now, to be fair, it’s only in your own blog, and an exploit might get shut down pretty quickly, but on the other hand, some exploits are pretty subtle, and some will not be noticed until long after someone has surfed off somewhere else. And, of course, if it’s a rootkit, it might not be noticed at all. So far we have not found any overt exploits, but we do keep finding obfuscated automatic redirects to bogus search engines or porn pages.
Naturally, we’ve taken the precaution of preemptively blocking those scripts, but it’s easy to see how that school teacher recently got into trouble for having porn on the computers under her control.