W3C home > Mailing lists > Public > public-html@w3.org > January 2010

Re: <iframe doc="">

From: Shelley Powers <shelley.just@gmail.com>
Date: Mon, 25 Jan 2010 19:33:32 -0600
Message-ID: <643cc0271001251733m69271a2bp6b6227f423fc484@mail.gmail.com>
To: Matt Mullenweg <m@mullenweg.com>
Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, Ian Hickson <ian@hixie.ch>, "public-html@w3.org WG" <public-html@w3.org>, matt@mullenweg.com
On Mon, Jan 25, 2010 at 6:56 PM, Matt Mullenweg <m@mullenweg.com> wrote:

> On 2010-01-24 10:04 AM, Shelley Powers wrote:
>
>> I've also cc'd Wordpress's Matt Mullenweg, since we're talking about
>> how vulnerable a CMS such as Wordpress is when it comes to sanitizing
>> comment content. Perhaps he could provide his view on the matter on
>> this vulnerability, if he has time. Matt, would you mind giving us
>> your view on vulnerability of comments in CMS today?
>>
>
> We haven't had any HTML-level problems in comments in a while.
>
> We use and maintain a library called KSES that we use for all sanitation,
> and it has served us well.
>
>
Thanks, Matt. Very helpful to have an implementor's viewpoint, especially
one responsible for such a popular tool. You confirmed my own view, that
HTML-level problems were solved some time ago.

I know you're traveling now, and busy. Appreciate the response.



> --
> Matt Mullenweg
> http://ma.tt | http://wordpress.org | http://automattic.com
>

Shelley
Received on Tuesday, 26 January 2010 01:34:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:13 UTC