Taken from vbulletin.com, should be noted when makeing new templates or updateing old ones.

http://www.vbulletin.com/forum/showthread.php?t=143261

In order to work around an XSS bug in Internet Explorer, wherever a page contains <title> tags, the <title> has been moved below the $headinclude section.

For Example


<head>
<title>$vboptions[bbtitle]</title>
$headinclude
</head>


Becomes


<head>
$headinclude
<title>$vboptions[bbtitle]</title>
</head>

* Revan has already updated templates for RPG for vB 3.5 with this change :)

Also taken from vB.com, a way to use template find/replace to solve the problem. ;)

http://www.vbulletin.com/forum/showthread.php?t=143320

Umm.. What's the difference whether the title tag is above the insert or below the insert? I can't think of a situation where this would be of any importance. Thanks.

Umm.. What's the difference whether the title tag is above the insert or below the insert? I can't think of a situation where this would be of any importance. Thanks.
Obviously it is an importance in IE because of some bug.

So IE won't read the title tag if it is not the first one within the head tag?

That's not the bug. It's an XSS bug.

http://en.wikipedia.org/wiki/XSS

Since this is not a How-To, I believe this should be moved.
Or even deleted since it is outdated (fixed in 3.5 gold)

Since this is not a How-To, I believe this should be moved.
Or even deleted since it is outdated (fixed in 3.5 gold)
It's in the right place and won't be moved or deleted as it is important information for Hack authors. :)

It's in the right place and won't be moved or deleted as it is important information for Hack authors.

I thought How-To was for instructions on how to make hacks...
This is kind of a bug report. I think this should be on vbulletin.com rather than here. :)

this is a how to for hacks
it tells hack authors proper placement of titles in their hacks

I'm confused. Is the XSS caused by <title> being the first element in the <head> tag, or is it caused because <script> tags are placed after it in the <head> tag. Is this simply a browser quirk or is it because your $headinclude or intended <script> might be untrustworthy?

As you can see the problem of not fully explaining the attack points, while preventing people from having the knowledge to execute attacks, also prevents coders from being able to prevent them because they don't have all the information, and get ideas such as "I guess I can't place ANY code after the <title> tags but before the </head> tag in ANY web page (not just vB pages)."