SecuriTeam Blogs » XSS Fragmentation Attacks
Javascriptをフィルターしていないようなサイトで、フラグメントしたJavascriptでXSSが発生するそうです。
A newly released paper shows how a fragmentation attack can be used to cause web site that don’t filter out content too strictly to include arbitrary javascript which in turn can be used to cause a cross site scripting vulnerability. One such web site is of course MySpace.com.