Last night I had an idea that I've been programming;
I affectionately dub it: "securityhole.py."
The idea is that you change the HTML + JavaScript to whatever you want. What's the kicker? There's a function in the JavaScript for executing any Python code on the server.
(That is, on securityhole.py.) "Why, Lion, WHY?!?" Well, I am getting deeply into user interface coding with JavaScript, but my Python code is just too powerful, with its ability to read and write files and such. So I can write my HTML and JavaScript, and then whenever I need to do anything in Python, whenever I need to touch the filesystem or pull some resource from elsewhere on the Internet, I just make this special function call. "Yeah," it's a security hole, but it's one only accessible from localhost.
"What about XSS?"
Well, ok, that has me worried.
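The worry is well founded, and "only accessible from localhost" is thinner than it sounds: any other web page open in the same browser can `fetch()` to `http://127.0.0.1:PORT`, and that request also arrives from 127.0.0.1 as far as the server can tell. What follows is an added example, not Lion's securityhole.py; its names (`authorize`, `SECRET_TOKEN`, the `X-SecurityHole-Token` header, the `/run` path) are assumptions made here. It shows the localhost-only check beside a hardened check that additionally demands a per-launch secret that only the served page is given, and an `Origin` that matches that page.

```python
"""Added example, not the original securityhole.py.

A server bound to 127.0.0.1 still receives requests from any web page the
user has open: the browser sends them, so they arrive from 127.0.0.1 too.
The hardened check below also requires a per-launch secret token (which
only the page this server itself serves is given) and a matching Origin.
All names here (authorize, SECRET_TOKEN, X-SecurityHole-Token, /run) are
assumptions made for this example.
"""
import contextlib
import http.server
import io
import json
import secrets

HOST, PORT = "127.0.0.1", 8000
TRUSTED_ORIGIN = f"http://{HOST}:{PORT}"
LOCAL_ADDRS = ("127.0.0.1", "::1")
# Fresh on every launch and embedded only in the page we serve; a page on
# a foreign origin cannot read it out of ours.
SECRET_TOKEN = secrets.token_urlsafe(32)

# Constructed page: the "special function call" posts code plus the token.
INDEX_HTML = """<!doctype html><script>
const TOKEN = "{{TOKEN}}";
async function runPython(code) {
  const r = await fetch("/run", {method: "POST",
    headers: {"Content-Type": "application/json",
              "X-SecurityHole-Token": TOKEN},
    body: JSON.stringify({code})});
  return r.text();
}
</script><body><pre id=out></pre></body>"""


def naive_authorize(remote_addr):
    """The rule as stated in the post: anything from localhost may run.
    A hostile page's fetch() to 127.0.0.1 satisfies this."""
    return remote_addr in LOCAL_ADDRS


def authorize(remote_addr, headers, expected_token=None):
    """Hardened rule: localhost AND correct per-launch token AND the Origin
    of our own page. `headers` is any mapping of header name -> value."""
    token = SECRET_TOKEN if expected_token is None else expected_token
    h = {k.lower(): v for k, v in headers.items()}
    if remote_addr not in LOCAL_ADDRS:
        return False
    presented = h.get("x-securityhole-token", "")
    # Constant-time compare: no byte-by-byte guessing of the token.
    if not secrets.compare_digest(presented.encode(), token.encode()):
        return False
    # Browsers attach Origin to cross-site POSTs; a wrong or missing one
    # means the request was not issued by the page we served.
    return h.get("origin") == TRUSTED_ORIGIN


def run_python(code):
    """The deliberately dangerous part: exec() with stdout captured."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(code, {})
    return buf.getvalue()


class Handler(http.server.BaseHTTPRequestHandler):
    def _send(self, status, body, ctype="text/plain"):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):
        # Only the page served here ever learns the token.
        self._send(200, INDEX_HTML.replace("{{TOKEN}}", SECRET_TOKEN), "text/html")

    def do_POST(self):
        if self.path != "/run":
            return self._send(404, "not found")
        if not authorize(self.client_address[0], self.headers):
            return self._send(403, "forbidden")
        length = int(self.headers.get("Content-Length", "0"))
        code = json.loads(self.rfile.read(length))["code"]
        self._send(200, run_python(code))


if __name__ == "__main__":
    http.server.HTTPServer((HOST, PORT), Handler).serve_forever()
```

The token is the load-bearing part: an attacker's page can make the browser send the POST, but it cannot read the token out of a page on another origin, so the request fails the check. The `Origin` test is belt-and-braces (some older browsers omitted `Origin` on same-origin POSTs, which would make this stricter check reject the legitimate page; in that case rely on the token alone). None of this helps if the trusted page itself has an XSS hole, since injected script then runs with the token in hand.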