On Mon, Jan 25, 2010 at 6:56 PM, Matt Mullenweg <m@mullenweg.com> wrote:
> On 2010-01-24 10:04 AM, Shelley Powers wrote:
>
>> I've also cc'd Wordpress's Matt Mullenweg, since we're talking about
>> how vulnerable a CMS such as Wordpress is when it comes to sanitizing
>> comment content. Perhaps he could provide his view on the matter on
>> this vulnerability, if he has time. Matt, would you mind giving us
>> your view on vulnerability of comments in CMS today?
>>
>
> We haven't had any HTML-level problems in comments in a while.
>
> We use and maintain a library called KSES that we use for all sanitation,
> and it has served us well.
>

Thanks, Matt. Very helpful to have an implementor's viewpoint, especially one responsible for such a popular tool. You confirmed my own view, that HTML-level problems were solved some time ago.

I know you're traveling now, and busy. Appreciate the response.

> --
> Matt Mullenweg
> http://ma.tt | http://wordpress.org | http://automattic.com
>

Shelley

Received on Tuesday, 26 January 2010 01:34:07 UTC