Yesterday, we stumbled on to a link posted on the JVF Blog taking us out to a seemingly innocuous link found on my.nbc.com. What was odd was that when you clicked on the link, it would take you out to my.nbc.com, but after a few moments it would redirect you out to a site selling adult videos.
We scoured the source on my.nbc.com and found that there were no apparent “script” tags or “META” tags present to force the delayed redirect. However, after doing a little more digging we found the following tag smack dab in the middle of the page:
Please beware of folks attempting to hijack your sites with leaving Blog comments, profile updates, etc with this method. If there is any way for you to have more control over your site to “strip tags” on all comments, I’d do so just to make sure you’re safe.