http://wechall.net/forum.php?action=showthread&boardid=12&threadid=62%27%20onmouseover=alert(5);%20s=

you see how hypocritical they are, not even acking this.



o im's so smart i think i can htmlescape stuff and then put them between single quotes;

Thanks for reporting another flaw.
The hole (and similars) should have been fixed by Kender this morning.

Greets
Towley