Andrei Alexandrescu wrote: > One more thing: make sure you solve potential cross-site scripting > that may occur
I don't think any are possible - I always escape input and output, and if something does get through, it's on a different domain so the browser's cross domain restriction will keep it from getting too bad. (Indeed, these restrictions made the auto-resize a real pain in the ass!) > and prepare for seeing a fair amount of extra traffic. Naturally.
