
Re: <iframe doc="">

From: Matt Mullenweg <m@mullenweg.com>
Date: Mon, 25 Jan 2010 16:56:11 -0800
Message-ID: <4B5E3DAB.70009@mullenweg.com>
To: Shelley Powers <shelley.just@gmail.com>
CC: "Tab Atkins Jr." <jackalmage@gmail.com>, Ian Hickson <ian@hixie.ch>, "public-html@w3.org WG" <public-html@w3.org>, matt@mullenweg.com

On 2010-01-24 10:04 AM, Shelley Powers wrote:
> I've also cc'd Wordpress's Matt Mullenweg, since we're talking about
> how vulnerable a CMS such as Wordpress is when it comes to sanitizing
> comment content. Perhaps he could provide his view on the matter on
> this vulnerability, if he has time. Matt, would you mind giving us
> your view on vulnerability of comments in CMS today?

We haven't had any HTML-level problems in comments in a while.

We use and maintain a library called KSES that we use for all 
sanitation, and it has served us well.

-- 
Matt Mullenweg
http://ma.tt | http://wordpress.org | http://automattic.com
Received on Tuesday, 26 January 2010 00:56:41 GMT
