On Wed, Dec 3, 2008 at 12:58 PM, Mark Nottingham <[EMAIL PROTECTED]> wrote: > On 03/12/2008, at 11:32 PM, Ben Laurie wrote: >> There are standards for XSS??? > > There's a de facto standard in the browsers (same origin), and these folks > are working towards something more formal, maybe; > http://www.w3.org/2006/WSC/
Same origin policy isn't really all that much to do with cross-site scripting, surely?
