Edit: Actually I think I can see how they basically faked it out - it's using radio buttons to identify what the selected answer is, and it's using POST to retrieve it. But unless I'm wrong, POST can still be faked if someone knows what they're doing - what they need to do is actually check to make sure the answer submitted is a valid response XD
At least it wasn't anything vulgar/explicit that they submitted, right?
Oh my god. That is really insecure. You just have to modify ONE value and... it's really easy to hack. WOW. Suits them for having text as a value. None of that fancy injection stuff, you just have to use Firebug/Web Developer/Opera's Source editor! I put a value on there: "Is it this easy?" Yes. Yes it is.
But wait, it doesn't make sense to me... does their code append a new option to the survey when no match for the current vote is found? That's a pretty weird approach to adding options to a survey!!! Can you imagine what a few lines of simple JavaScript can do to that site?? OMG!! They have SERIOUS design mistakes!
"The force is strong within you, I see. Stripping tags and protecting against the more advanced things. Too bad you guys go straight from a value field into displaying it. Haven't you guys ever heard of"
Priceless and true. What good is blocking malicious things if you can't even make sure they're answering the survey properly XD
We're very sorry, but we have experienced a critical error and cannot show you the page you requested. Our engineers have been notified and are working hard to correct this issue as soon as possible. Please check back soon.
But they're still doing raw text values for the poll. They've probably implemented some sort of switch statement to keep any bad values out.
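Added example, not part of the thread and not the site's code (which the page never shows): the server-side check the first comment asks for, next to the behaviour the thread describes. The Python form handling, the `answer` field name and the option IDs are assumptions made for illustration.

```python
import html
from collections import Counter

# Constructed sample poll: opaque option IDs map to fixed display labels.
OPTIONS = {"1": "Yes", "2": "No", "3": "Undecided"}


def record_vote_unsafe(tally: Counter, form: dict) -> None:
    """Behaviour described in the thread: the posted text is trusted as-is,
    so an unknown value ends up as a new poll option."""
    tally[form.get("answer", "")] += 1


def record_vote(tally: Counter, form: dict) -> bool:
    """Accept the vote only if the posted value is one of the known IDs."""
    choice = form.get("answer")
    if not isinstance(choice, str) or choice not in OPTIONS:
        return False  # rejected: nothing is stored or displayed
    tally[choice] += 1
    return True


def render_results(tally: Counter) -> str:
    """Build the results from server-side labels only, HTML-escaped."""
    rows = []
    for option_id, label in OPTIONS.items():
        rows.append(f"<li>{html.escape(label)}: {tally[option_id]}</li>")
    return "<ul>" + "".join(rows) + "</ul>"


def demo() -> tuple:
    # Constructed POST bodies: two legitimate votes, one edited radio value
    # (the text quoted in the thread), and one with the field missing.
    posts = [{"answer": "1"}, {"answer": "Is it this easy?"},
             {"answer": "2"}, {}]
    unsafe, safe, accepted = Counter(), Counter(), []
    for form in posts:
        record_vote_unsafe(unsafe, form)
        accepted.append(record_vote(safe, form))
    return unsafe, safe, accepted


if __name__ == "__main__":
    unsafe, safe, accepted = demo()
    print("unsafe tally:   ", dict(unsafe))
    print("validated tally:", dict(safe), "accepted:", accepted)
    print(render_results(safe))
```

Because the radio buttons carry IDs and the labels live only on the server, nothing a client submits is ever echoed into the results page.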