Matt Haughey started catching hell from members of a site called Shoutwire who thought he had hacked Fox News to steal traffic for his personal weblog, A Whole Lotta Nothing. Turns out that loading a Fox News story within a frame, as Shoutwire did, triggers some Javascript code that redirects the visitor to "http://nothing": if (parent.frames.length > 0) {   parent.location.href = "http://nothing"; } In Mozilla Firefox, trying http://nothing takes users to the top Google result for the word nothing -- ... read more

When his weblog moved in March, Michael Fioritto put JavaScript in the first item of his RSS feed to redirect visitors to his new site.The news aggregator AmphetaDesk read the script tag and executed the redirect, making it impossible for me to use the software until I unsubscribed from his feed, which probably wasn't the effect he was going for.An aggregator that doesn't strip out script and other dangerous tags is a security exploit waiting to happen. ... read more