tumbler test
I really didn’t think that tumblr would allow *any* JavaScript in a page, but I was able to pull in an alert box. How did it work in your dashboard? I suppose we are all relying on the community to police? Only one way to test. I will create a test account, insert malicious JS, follow it and we will see what happens: will report back momentarily.
So http://itsjustatest.tumblr.com/ is the test account, and it looks like the content is the only thing shown to followers in the dashboard. There is an alert in there, but it has no effect until you actually go to the post.