Yesterday RSnake posted about a ``XSS'' hole in Blogger. I don't really think it's XSS if you can only inject on your own blog, but whatever. It didn't sound too interesting that it was safari-only either, so I decided to extend the exploit to MSIE and Firefox, so here it is:
For the exploit I use that Firefox actually parses comments correctly and that MSIE has support for conditional comments.
Kudos to Jose Avila for the original exploit.