On Mon, Jan 25, 2010 at 6:56 PM, Matt Mullenweg <m@mullenweg.com> wrote:
> On 2010-01-24 10:04 AM, Shelley Powers wrote:
>
>> I've also cc'd WordPress's Matt Mullenweg, since we're talking about
>> how vulnerable a CMS such as WordPress is when it comes to sanitizing
>> comment content. Perhaps he could provide his view on the matter on
>> this vulnerability, if he has time. Matt, would you mind giving us
>> your view on vulnerability of comments in CMS today?
>>
>
> We haven't had any HTML-level problems in comments in a while.
>
> We use and maintain a library called KSES that we use for all sanitation,
> and it has served us well.
>
>
Thanks, Matt. Very helpful to have an implementor's viewpoint, especially
one responsible for such a popular tool. You confirmed my own view, that
HTML-level problems were solved some time ago.
I know you're traveling now, and busy. Appreciate the response.
> --
> Matt Mullenweg
> http://ma.tt | http://wordpress.org | http://automattic.com
>
Shelley