
Re: <iframe doc="">

From: Smylers <Smylers@stripey.com>
Date: Mon, 25 Jan 2010 23:16:58 +0000
To: public-html@w3.org
Message-ID: <20100125231658.GD4702@stripey.com>

Shelley Powers writes:

> > That security issue is completely independent from XSS, which is
> > where client-side scripts are inserted into user generated content
> 
> Let me ask you something else Lachlan: is there any CMS, such as
> Wordpress or Drupal, or any other application in the entire world that
> wants to let you store a comment with a script injection into the
> database?

I'm not Lachlan, but yes -- there are such applications.  I mentioned
several possible reasons in a previous mail why somebody might want to
store the raw input in the database:
http://www.w3.org/mid/20100125213424.GC4702@stripey.com

Smylers
-- 
Watch fiendish TV quiz 'Only Connect' (some questions by me)
Mondays at 20:30 on BBC4, or iPlayer: http://www.bbc.co.uk/programmes/b00lskhg
Received on Monday, 25 January 2010 23:17:27 UTC
