xss cross support

Ask for help about NoScript, no registration needed to post
Darclear


Post by Darclear »

I visit a website that is a video dump for several different video sharing sites. Tinypic has blocked the website, so now he sends the URL to another website in a frame to send back the embed code. I allow the other website, but the document.write code is stripped of the code that makes it work.
This code:
document.write(' <embed width=440 height=380 type="application/x-shockwave-flash" src="http://v4.tinypic.com/player.swf?file=2 ... 2Fembed%3E">');

returns only this text:

embed width 440 height 380 type application/x-shockwave-flash src http://v4.tinypic.com/player.swf?file=2 ... 2Fembed%3E

The <> and quotes and the = sign are missing. I have gotten it to work before, but I have had to reinstall Firefox and now have to figure out how to get it to work again.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Ant.com Toolbar 1.4 Firefox/2.0.0.18 (.NET CLR 3.5.30729)
Guest

Re: xss cross support

Post by Guest »

Didn't see the edit button; this is the code:

Code:

embed width 440 height 380 type application/x-shockwave-flash src http://v4.tinypic.com/player.swf?file=2i7u2qu&s=4&ap=1%20%3E%3C%2Fembed%3E
Last edited by Alan Baxter on Mon Oct 26, 2009 12:55 am, edited 2 times in total.
Reason: Move back to Support
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Ant.com Toolbar 1.4 Firefox/2.0.0.18 (.NET CLR 3.5.30729)
therube

Re: xss cross support

Post by therube »

In your download manager, try removing the referrer.

So if the URL to the file is: http://v4.tinypic.com/player.swf?file=2i7abcdefg
& the referrer shows as: http://www.getyourvidshere/skatboardtricks.htm

remove the referrer, http://www.getyourvidshere/skatboardstunts.htm
& see if that doesn't allow the download.

Otherwise, URL where this occurs?
(post it in "plain text" if it is an inappropriate site)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091017 SeaMonkey/2.0