Re: <iframe doc=""> from Shelley Powers on 2010-01-26 (public-html@w3.org from January 2010)

From: Shelley Powers <shelley.just@gmail.com>
Date: Mon, 25 Jan 2010 19:33:32 -0600
To: Matt Mullenweg <m@mullenweg.com>
Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Ian Hickson <ian@hixie.ch>, "public-html@w3.org WG" <public-html@w3.org>, matt@mullenweg.com
Message-ID: <643cc0271001251733m69271a2bp6b6227f423fc484@mail.gmail.com>

On Mon, Jan 25, 2010 at 6:56 PM, Matt Mullenweg <m@mullenweg.com> wrote:

> On 2010-01-24 10:04 AM, Shelley Powers wrote:
>
>> I've also cc'd Wordpress's Matt Mullenweg, since we're talking about
>> how vulnerable a CMS such as Wordpress is when it comes to sanitizing
>> comment content. Perhaps he could provide his view on the matter on
>> this vulnerability, if he has time. Matt, would you mind giving us
>> your view on vulnerability of comments in CMS today?
>>
>
> We haven't had any HTML-level problems in comments in a while.
>
> We use and maintain a library called KSES that we use for all sanitation,
> and it has served us well.
>
>
Thanks, Matt. Very helpful to have an implementor's viewpoint, especially
one responsible for such a popular tool. You confirmed my own view, that
HTML-level problems were solved some time ago.

I know you're traveling now, and busy. Appreciate the response.



> --
> Matt Mullenweg
> http://ma.tt | http://wordpress.org | http://automattic.com
>

Shelley

Received on Tuesday, 26 January 2010 01:34:07 UTC