Talk:Testing for DOM-based Cross site scripting (OTG-CLIENT-001)

I've now tried this PoC code local and remotely without any receiving any alert box: document.write("Site is at: " + document.location.href + "."); I've tested this in both FF3, IE7 and IE5. Can anyone explain why this simple PoC won't work?