On 10-08-11 02:11 AM, Tim Starling wrote:
> *.toolserver.org is most likely full of XSS vulnerabilities.
You're very probably right - Dispenser has been looking for them in the past few days, and I don't think they had much difficulty doing so.
> I don't think any private data should be delivered on this domain at all.
Well, we're asking to have this exposed in the UI and/or API. It happens to be "private" because nobody bothered to make it available - not because it falls under the definition of "private data" we use in the privacy policy, for example.
That said, until it /is/ made available in the API or UI, I'll certainly respect the rules regarding making such data available.
-Mike