I disagree. Rewriting the escape/unescape function is a good practice for preventing an XSS attack - and thus preventing a user from submitting some JS code that would be executed in some other user's context when he just opens the site.
And face it - that is exactly what you have tried to do - executing additional JavaScript (that is loaded from an external server) when a user opens a page. Sounds pretty evil to me ;-)