Все больше EV вижу в 2015
Понеслась новая мода :) Уже даже СМИ журналы делают.
It was brought to my attention last week that an RDNS XSS could exploit LookingGlass. As it turns out, illegal characters are not filtered on a lower level (as RFC1034 would suggest).
LookingGlass was vulnerable as it simply outputs the contents from a terminal. The fix applied uses htmlspecialchars() to filter stdout from terminal.