modern-web-design-and-development

(Brent) #1
<select name="class">

The server-side code did not check whether you were eligible for a
first-class ticket; it simply relied on the option not being available. The form
was then sent via JavaScript. So, all you had to do to get a first-class ticket
for the price of an economy seat was use Firebug to add a new option to
the form, select the value you wanted and send it off.
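The missing check, as an added example that is not code from the original text: the server re-derives which classes the user may book and looks the price up itself, so a value added to the form in the browser is rejected. The fare table, the user names and the function names are constructed assumptions; only the `class` field name comes from the form above.

```javascript
// Constructed sample data (assumptions): fares and per-user entitlements.
const FARES = { economy: 120, business: 480, first: 950 };
const ENTITLEMENTS = {
  alice: ["economy"],
  bob: ["economy", "business", "first"],
};

// Build the <select> the browser sees. This is presentation only and
// gives no protection: the client can submit any value it likes.
function renderClassSelect(userId) {
  const options = (ENTITLEMENTS[userId] || [])
    .map((c) => `<option value="${c}">${c}</option>`)
    .join("");
  return `<select name="class">${options}</select>`;
}

// Server-side check: decide again what this user may book and take the
// price from the server's own table, never from the request.
function bookTicket(userId, form) {
  const requested = form["class"];
  // Reject non-strings (arrays, objects) and keys that are not real fares,
  // including inherited names such as "__proto__".
  if (typeof requested !== "string" ||
      !Object.prototype.hasOwnProperty.call(FARES, requested)) {
    return { ok: false, status: 400, error: "unknown class" };
  }
  // A known class that was never offered to this user is refused.
  const allowed = ENTITLEMENTS[userId] || [];
  if (!allowed.includes(requested)) {
    return { ok: false, status: 403, error: "class not available to this user" };
  }
  return { ok: true, status: 200, class: requested, price: FARES[requested] };
}

// Constructed requests: the second carries a value the form never offered.
console.log(bookTicket("alice", { class: "economy" }));
console.log(bookTicket("alice", { class: "first", price: "120" }));
console.log(bookTicket("alice", { class: "__proto__" }));
```
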


CSS


CSS is not really capable of doing much to the document and cannot access
the server... for now. One problem with CSS is background images that
point to URIs. You can inject code by somehow overriding these. The same
applies to the @import rule for other style sheets.


Using expression() in Internet Explorer to make calculations (or, as in
most cases, to simulate what other browsers can already do) is dangerous,
because what you are doing in essence is executing JavaScript inside a CSS
block. So, don’t use it.


CSS is changing a lot now, and we are giving it more power than ever
before. Generating content with CSS, animation, calculations and font
embedding all sound absolutely cool, but I get a prickly feeling in the back
of my neck when I look at it right now.
