- From: Smylers <Smylers@stripey.com>
- Date: Mon, 25 Jan 2010 23:16:58 +0000
- To: public-html@w3.org

Shelley Powers writes:

> > That security issue is completely independent from XSS, which is
> > where client-side scripts are inserted into user generated content
>
> Let me ask you something else Lachlan: is there any CMS, such as
> Wordpress or Drupal, or any other application in the entire world that
> wants to let you store a comment with a script injection into the
> database?

I'm not Lachlan, but yes -- there are such applications. I mentioned
several possible reasons in a previous mail why somebody might want to
store the raw input in the database:

http://www.w3.org/mid/20100125213424.GC4702@stripey.com

Smylers
--
Watch fiendish TV quiz 'Only Connect' (some questions by me)
Mondays at 20:30 on BBC4, or iPlayer: http://www.bbc.co.uk/programmes/b00lskhg

Received on Monday, 25 January 2010 23:17:27 UTC