- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 02 Jan 2008 19:39:14 +0100
- To: "Close, Tyler J." <tyler.close@hp.com>, "Ian Hickson" <ian@hixie.ch>
- Cc: "public-appformats@w3.org" <public-appformats@w3.org>

On Wed, 02 Jan 2008 19:26:03 +0100, Close, Tyler J. <tyler.close@hp.com> wrote:

> Sure, but the question is: "Whose responsibility is it?". In my opinion,
> it is the server's responsibility to ensure a safe default for each
> resource. You seem to have the perspective that it's the client's
> responsibility.

Most XSS problems have been due to lack of knowledge of the authors. SQL injection is a big one for instance. Also script injection due to lack of escaping on the server side. Trusting the authors to do the right thing does not seem responsible at all.

--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Wednesday, 2 January 2008 18:37:02 UTC