Forgot your password?
typodupeerror

Comment: Re:I don't get XSS (Score 2, Insightful) 161

by TheAJofOZ (#16191453) Attached to: Cross-Site Scripting Hits Major Sites
The problem isn't that they didn't validate the user input, so much as that validating user input is really, really hard. RSS aggregators are discovering the problems with validating that HTML is safe. See http://www.feedparser.org/docs/html-sanitization.h tml
The trouble is that an approach like that limits what you can do too much: http://www.symphonious.net/2006/09/10/stripping-st yles-as-part-of-sanitation/
Any site that wants to support formatted comments, like Slashdot, has to deal with this. The plus side when it's just comments is that you can have very draconian limitations to what's accepted without it getting in the way (like Slashdot does).

Never trust a computer you can't repair yourself.

Working...