Tue 25 Apr 2006 03:41:02 PM PDT
QoTD: Joey Hess
"Somehow the web has evolved a backwards security model that wants sites with dynamic content to be responsible for policing that content for things that could cause security issues, instead of just making browsers actually secure so that no possible html can be a security issue. Which is of course absurd, but the various types of potential cross site scripting attacks that users of your wiki will be vulnerable to if it doesn't try to sanitise its html are nothing to laugh at."
-- Joey Hess
(bonus link: Michal Zalewski. Scroll down for "mangleme".)