Porn pranksters have a field day with YouTube injection flaw
- Monday, 05 July 2010 11:30
Eager YouTube fans were greeted with annoying pop-ups, disabled comments, and even porn redirects over Independence Day weekend as they tried to scope out their favorite videos. A group of malicious pranksters—believed to be from 4chan—was able to take advantage of a cross-site scripting vulnerability in YouTube's comments Sunday, breaking as many video pages as possible before Google stepped in with a fix.
YouTube heavily restricts the use of HTML in the comments for videos, and with good reason. Left to their own devices, users could (purposefully or accidentally) redirect others to sites with malware or porn. YouTube employed a filter to ensure any HTML used in the comments was properly sanitized, but there was a flaw that allowed the 4chan crowd to get past the block with their own scripts.













