YouTube Hacked

It looks like someone calling themselves "SPONGE" on this page 

 

It looks like they are deliberately using malformed HTML to get past YouTube's checks for HTML sanitisation in the comments. The comment I've seen is using the long-forgotten marquee tag and a JavaScript alert, though in principle it could be expanded to support XSS-type flaws.
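Why malformed markup defeats pattern-based filtering, as an added example that is not part of the original post and is not YouTube's code (how their filter actually worked is not known here). The function names and sample comments are constructed for illustration; the samples use only a harmless marquee tag.

```javascript
// Hypothetical naive sanitiser: one pass that deletes anything shaped like a
// well-formed tag. It silently assumes the input is tidy HTML.
function stripTagsNaive(comment) {
  return comment.replace(/<\/?[a-z][a-z0-9]*\b[^<>]*>/gi, "");
}

// Hardened form: do not try to recognise tags at all. Encode every character
// the HTML parser treats as significant, so a comment can only render as text.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(comment) {
  return comment.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True if the output still contains "<" followed by a letter, which a lenient
// browser parser treats as the start of an element.
function containsMarkup(html) {
  return /<[a-z]/i.test(html);
}

// Constructed sample comments (not taken from the incident).
const SAMPLES = [
  "nice video <b>thanks</b>",               // well-formed: the naive filter copes
  "<<b>marquee>scrolling</<b>marquee>",    // removing <b> reassembles <marquee>
  "<marquee behavior=alternate scrolling",  // never closed: regex finds no tag,
                                            // the page's next ">" closes it
];

// Run both approaches over each sample and record whether markup survives.
function compare(samples) {
  return samples.map((s) => ({
    input: s,
    naive: stripTagsNaive(s),
    naiveLeak: containsMarkup(stripTagsNaive(s)),
    escaped: escapeHtml(s),
    escapedLeak: containsMarkup(escapeHtml(s)),
  }));
}

for (const row of compare(SAMPLES)) {
  console.log(row);
}
```

Escaping at output time does not depend on the input being well-formed, which is why it holds up where the tag-matching filter does not.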

It looks like YouTube are dealing with this currently by deleting comments, presumably until they can fix their code.

I'd suggest staying away from YouTube until they have this fixed or at least logging out of YouTube if you use it.

Posted via email from Richard Cunningham's posterous