Hi,

I've found a strange bug where by code quoted in the body of a page is being executed. This actually resulted in XSS type java popup. By a process of elimination I found this happens only when this extension is enabled.

The page this happened on is here

http://www.slideshare.net/zeroscience/cloudflare-vs-incapsula-vs-modsecurity