Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Re:I don't get XSS (Score 2, Insightful) 161

The problem isn't that they didn't validate the user input, so much as that validating user input is really, really hard. RSS aggregators are discovering the problems with validating that HTML is safe. See http://www.feedparser.org/docs/html-sanitization.h tml
The trouble is that an approach like that limits what you can do too much: http://www.symphonious.net/2006/09/10/stripping-st yles-as-part-of-sanitation/
Any site that wants to support formatted comments, like Slashdot, has to deal with this. The plus side when it's just comments is that you can have very draconian limitations to what's accepted without it getting in the way (like Slashdot does).

Slashdot Top Deals

Most public domain software is free, at least at first glance.

Working...