Hi all,

Don't ask why, but I developed a way to dynamically view the output of HTML onto a div element. Here's the relevant code:

Code:
<SCRIPT LANGUAGE="JavaScript" TYPE="Text/Javascript">
function update(){
  document.getElementById('targetA').innerHTML=document.getElementById('targetB').value;
}
</script>

<textarea onKeydown="update()" id="targetB" style="width:100&#37;;">
<div id="targetA" style="position:absolute; border:1px solid #777777; background-color:ffffff; padding:20px;"> &nbsp;  &nbsp; </div>
Basically, for the purposes of what I am doing, it would be nice if I could put this online and allow people to dynamically build a web page or part of a web page right there.

Now, I am expecting someone to bonk me on the head with the pretense that there is a huge security hole in this. The only problem is, I personally can't think of one. Yes, you can type something like:

Code:
<iframe src="http://www.google.com"></iframe>
and have it load an iframe with google loaded in it. So basically I would like to request that someone please point out some obvious security hole that isn't so obvious to me right now so I don't get my hopes up of actually being able to use this.

Thanks in advance