Well, it *used* to work, when Petruchio used <script> tags. Now that they've been replaced with an onLoad event handler, the problem is back.
Maybe it should say something like...
"Disable <script> tags and comment out their contents on home nodes. This may make you feel good, but will not actually protect you."
Update:Browsers that run the script on Pertruchio's homenode:
/me notes that the alert box is displayed (minus the cookie's value) even if you're not logged in, so you can test it safely.
- MSIE 5.1.3 (MacOS X)
- Opera 5.03b393 (Mac OS X)
- MSIE 5.50.4807.2300 (Win 2000)
- Netscape 4.08 (Win 2000)
print chr 0x5b;print;print chr(0x5b+0x2);