On Wed, 02 Jan 2008 19:26:03 +0100, Close, Tyler J. <[EMAIL PROTECTED]> wrote:
Sure, but the question is: "Whose responsibility is it?". In my opinion, it is the server's responsibility to ensure a safe default for each resource. You seem to have the perspective that it's the client's responsibility.

Most XSS problems have been due to lack of knowledge of the authors. SQL injection is a big one for instance. Also script injection due to lack of escaping on the server side. Trusting the authors to do the right thing does not seem responsible at all.


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
