Don Marti

Tue, 25 Apr 2006

QoTD: Joey Hess

"Somehow the web has evolved a backwards security model that wants sites with dynamic content to be responsible for policing that content for things that could cause security issues, instead of just making browsers actually secure so that no possible html can be a security issue. Which is of course absurd, but the various types of potential cross site scripting attacks that users of your wiki will be vulnerable to if it doesn't try to sanitise its html are nothing to laugh at."

-- Joey Hess

(bonus link: Michal Zalewski. Scroll down for "mangleme".)

--
Don Marti <dmarti@zgp.org>
