That's a great idea! Mine is already taken for Esc for vim, though.

That's when your query is filtered by Safe Search. For most people, I'd call it a feature, not a bug--you don't want "bra" results popping up when you're looking for information on "bran".

I love how many possible parsings that has.

I'm no Microsoft fan--I use Ubuntu when possible and have an iPhone--but I love my 360. My Wii gathers dust; I won't buy another Nintendo product, despite growing up on the systems.

Insightful. It would be more compelling to worry about our grandchildren if it didn't appear that they will be profoundly better equipped to deal with their problems than we are.

Allowing everyone to obtain citizenship also means it's a fiscal impossibility to guarantee any level of income or health care. Having a limitless green card program is politically intractable enough; a limitless citizenship program is hard to imagine this century.

The number one risk, cross-site scripting, can automatically be almost eliminated through the use of a templating system that automatically escapes HTML in variables, as does Django.

Insurance is for amortizing risk over time and population. Knowing the degree of risk makes it better insurance, not worse--it's not illegal to charge higher car insurance rates to people who are bad drivers. It's the role of the government to redistribute wealth to those who've gotten a crappy start, not the role of insurance firms. (And I dispute the notion that those unfortunates who share our nationality should be our first moral responsibility.)

I don't feel his post should be modded informative, because it's recommending a practice I don't agree with. Perhaps I was being too negative, though. I wouldn't have if there hadn't already been a "mod parent up" reply.

I suppose you're correct on both counts. I don't like invented protocols with no advantages over established standards, though.

You're incorrect. HTML Purifier builds a tree of the HTML it understands and allows, then outputs a clean version of that tree. If it doesn't recognize the markup, it doesn't pass it on to the browser. I'll give $20 to the first person to show me an XSS exploit in the current version of HTML Purifier that isn't the result of an overly permissive whitelist. (Disclaimer: I use HTML Purifier and submitted the patch for CSS.AllowedProperties, but am in no other way associated with the project.)

The correct solution is a whitelisted HTML parser and generator, like HTML Purifier.

I'm a Javascript developer, and I use NoScript, because I'm frequently Googling for information and checking sites I haven't visited before. Almost any time a Firefox vulnerability is announced, NoScript already prevents the exploit. Besides, I don't want third-party tracking and flashy ads when I'm just browsing for information. I'm happy to add genuine web apps to my whitelist, but blog comment forms, for example, should never require Javascript to function.

Mod parent up--hybridization isn't a magic bullet, though I love my mixes too. See Wikipedia: heterosis.

IE6 actually supports isolated processes with separate cookies when you launch another instance of IE. (Unlike Firefox, it doesn't detect and combine with the running instance.) My wife launches every new window from the start menu because she likes this behavior.