ok well tokens could be wasted by having their usernames changed by clicking java links and games could be refunded

DirtyHarry says

cookie hijacking, get rid of java

session cookies are secure, that's not really a threat

cookie hijacking, get rid of java

Since my post was deleted here's the same thing I said before again:

The hearts are harmless, they just spread and can be removed. It's when some script kiddie comes along who all they can do is change the text from a heart to something stupid that ruins it.

And javascript is not the biggest threat. You have to voluntarily click links for it to do anything. This'll probably get deleted if I say what is, but I'm sure anyone with a clue knows anyway.

lucid read this

You wanna block javascript? On Epicmafia.com?

who cares honestly

People have been using scripts for years now. I don't believe blocking javascript is the answer but something should be done about this

Lucid is and didn't code basic script protection into the profile system. You can run arbitrary javascript on your profile which can do a lot of .

maybe not.

i believe so. there was some thing going around with heart symbols.

does it?? the only way that'd happen is with images and i thought that was fixed

it loads auto when you go on their profiles

Does anyone ever READ what the link says before clicking on it? I didn't fall for that at all! Anyone...no one...okay I'll just slink away then....

I mean javascript like the one on foxie's, hamhamed, and piexar's profile

there's not really a solution besides to prevent urls altogether, and that would be a bleak future

Delete all messages from unknown users... dont even open thrm

That isn't Plexar btw, it's "Piexar".

jus' saying.

stop clicking on suspicious links ^.^

speeeeeed bump