Parser Attack Via eval

The HTML parser works by converting each tag in the HTML data into a Tcl command. This introduces the danger of compromising the browser system by trying to get the HTML parser to inadvertently evaluate a Tcl command inserted into the HTML data.

Attacks on the html parser via the use of the eval command: puts "gotcha #3"

puts "gotcha #4"

Some text with a command in it [puts gotcha]