Certain characters in HTML can incorrectly be ignored, which can facilitate XSS attacks – Opera Security Advisories

Severity

High

Description

Sites that allow content to be provided by untrusted users, such as forums and blogging sites, typically sanitize that content to ensure that it does not contain anything harmful, such as malicious scripts. When certain characters appear at specific locations within HTML markup, Opera can ignore either the character itself or the one following it, potentially altering the interpretation of the markup that follows. This can be used to facilitate cross-site scripting (XSS) attacks against Opera that a sanitizer does not detect.

Opera’s Response

Opera Software has released Opera 12.01 and Opera 11.66, where this issue has been fixed.