tudou.com UTF7-BOM Cross Site Scripting

xss attacks through utf7-BOM string injection the beginning of the utf-7 BOM chascter is from Gareth Heyes's paper 《XSS Lightsabre techniques》 ---------------------start---------------------------------- CSS expressions with UTF-7 • UTF-7 BOM character can force UTF-7 in a external style sheet •...