> I agree - but this is because what they are asked to do is hard. There
> are two things we can do about that - we can make the thing they are
> trying to do easier, or we can provide another easier thing they can do
> as well, which helps when they get the first thing wrong. That's the
> approach

Thought I'd get involved in the conversation (full disclosure: I'm
involved with the SOMA paper that Terri has been discussing).
The point of both lines of work (both yours and ours) is to attempt to
restrict the number of XSS and XSRF vulnerabilities which exist in the
web today. We have gone ab