For more information, see Cheng Peng Su's original advisory. This particular exploit code appears only to work in Internet Explorer, if it works at all.
ASCII | Raw | Output | Render |
---|---|---|---|
By making sure that UTF-8 is well formed and non-SGML codepoints are removed, as well as escaping quotes outside of tags, this is a non-threat.