> <body onload="location='';alert('DoS');">

Welcome to the world of browsers. You could just as easily do
"while(1) alert(1)". See:

http://code.google.com/p/browsersec/wiki/Part2#Defenses_against_disrupti
ve_scripts

/mz

[ reply ]