- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 23 Oct 2015 21:17:38 -0700
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Nick Doty <npdoty@w3.org>, Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
On 23 October 2015 at 21:12, Eric Rescorla <ekr@rtfm.com> wrote: > On the other hand, it's the advice we give to sites which handle credit > card numbers, e-mails, and other sensitive information. Generally, if > you once have an XSS on your site, it's fairly hard to clean up later. Don't get me wrong, it's great advice, it's just not an effective strategy in this case.
Received on Saturday, 24 October 2015 04:18:08 UTC