Yahoo XSS security problem

This page includes a copy of the flawed code used by Yahoo maps which allowed Cross Site Scripting attacks, see blog entry Mozilla and safari are actually safe from this particular example as they do not URI decode the location.hash, however IE and Opera are not.

You need to paste this into your browser when not on the current page (otherwise it will just be a navigation to a new hash which doesn't re-execute the global script."onload='alert("EEK!")'