Hi Hideki Indeed this should be fixed via a DSA and for unstable as well. I am still having slight problems understanding the XSS issue here. Apparently, to_native() is converting it to another encoding, but shouldn't it do some escaping of certain characters to avoid having the usual html characters in there? I also don't understand the text on tdiary.org, since it is in Japanese, could you maybe provide a translation? I'm sure that I'm just missing something here, so once I understand it better, we can just proceed with DSA/NMU.
Cheers Steffen
signature.asc
Description: This is a digitally signed message part.