
Advisory: Tab characters can be used to bypass HTML sanitization

Severity

Low

Description

Sites that accept content from untrusted users are expected to sanitize that content, removing potentially harmful scripts and scripted attributes. Where a link is supplied, a site would typically also want to remove any link that uses a scripted protocol such as javascript:. In Opera, if the protocol string of a link contains Tab characters, those characters are ignored and the link is still treated as a scripted protocol; a value such as "java<Tab>script:" is therefore executed as javascript:. A naive sanitization filter that compares the raw attribute value against a list of known scripted protocols will not recognise such a link as harmful, while the browser will still execute it. A filter should normalise the value first (strip Tab and other control characters and compare the scheme case-insensitively), or, better, only keep links whose scheme is on an explicit allowlist.
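The following JavaScript is an added illustration, not code from the advisory or from Opera. It puts a naive blocklist filter beside a hardened one that normalises the value and then allowlists schemes. The input strings are constructed for the example, and the normalisation step (dropping Tab, CR and LF anywhere in the value and stripping leading/trailing control characters and spaces) is an assumption about how a browser canonicalises a URL before interpreting its scheme; the advisory itself only states that Tab characters in the protocol string are ignored.

```javascript
// Added example (not Opera's code): naive scheme blocklist vs. hardened allowlist.

const SCRIPTED_SCHEMES = ["javascript:", "vbscript:", "data:"];

// Naive filter: compares the raw attribute value against known scripted
// protocols. A Tab inside the scheme, or leading whitespace, defeats it.
function naiveIsSafeHref(href) {
  const lower = href.toLowerCase();
  return !SCRIPTED_SCHEMES.some((s) => lower.startsWith(s));
}

// Normalisation before any decision is taken (assumed browser behaviour):
// strip leading/trailing C0 controls and spaces, then drop Tab/CR/LF anywhere.
function normalizeHref(href) {
  return href
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
}

// Schemes a typical site is willing to link to; everything else is rejected.
const ALLOWED_SCHEMES = ["http:", "https:", "mailto:"];

// Hardened filter: normalise, extract the scheme, and allowlist it.
// Scheme-less values (relative URLs, including protocol-relative "//host")
// carry no scheme of their own and are accepted. Note that "host:port/path"
// without a scheme parses as scheme "host" and is rejected, which is the
// conservative outcome.
function hardenedIsSafeHref(href) {
  const n = normalizeHref(href);
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(n);
  if (!m) return true;
  return ALLOWED_SCHEMES.includes(m[1].toLowerCase() + ":");
}

// Replace a rejected href rather than dropping the anchor so the text survives.
function sanitizeAnchorHref(href) {
  return hardenedIsSafeHref(href) ? normalizeHref(href) : "#";
}

// Constructed samples: the first three bypass the naive filter in a browser
// that ignores Tab / leading controls in the scheme; none pass the hardened one.
const SAMPLES = [
  "java\tscript:alert(1)",
  "\tjavascript:alert(1)",
  " JaVaScRiPt:alert(1)",
  "javascript:alert(1)",
  "https://example.com/a:b",
  "/relative/path",
];

function compareFilters() {
  return SAMPLES.map((href) => ({
    href,
    naive: naiveIsSafeHref(href),
    hardened: hardenedIsSafeHref(href),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(compareFilters());
}
```

Running the block prints a table in which the Tab and leading-whitespace variants are reported safe by the naive filter and unsafe by the hardened one, while ordinary https and relative links pass both. The allowlist is the important part: a blocklist has to anticipate every scripted scheme and every obfuscation a browser tolerates, an allowlist only has to name the few schemes the site actually wants.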

Opera's Response

Opera Software has released Opera 11.00, where Tab characters are no longer accepted in the protocol string of a link.

Credits

Thanks to Jordi Chancel for reporting this issue to Opera Software.

