Follow Slashdot stories on Twitter


Forgot your password?

Comment: Re:I don't get XSS (Score 2, Insightful) 161

by TheAJofOZ (#16191453) Attached to: Cross-Site Scripting Hits Major Sites
The problem isn't that they didn't validate the user input, so much as that validating user input is really, really hard. RSS aggregators are discovering the problems with validating that HTML is safe. See tml
The trouble is that an approach like that limits what you can do too much: yles-as-part-of-sanitation/
Any site that wants to support formatted comments, like Slashdot, has to deal with this. The plus side when it's just comments is that you can have very draconian limitations to what's accepted without it getting in the way (like Slashdot does).

I go on working for the same reason a hen goes on laying eggs. -- H.L. Mencken