My BlackICE stops this from XSS from happening, however changing the URL from a .ae domain to a .com and leaving the rest in tact, I am then prompted. http://www.google.com/search?hl=ar&q=<script>alert("1")</script>&meta= Ashes -----Original Message----- From: almfnod@xxxxxxxxx [mailto:almfnod@xxxxxxxxx] Sent: Tuesday, April 04, 2006 2:35 PM To: bugtraq@xxxxxxxxxxxxxxxxx Subject: google xss http://www.google.ae/search?hl=ar&q=<script>alert("1")</script>&meta=