Daniel Friesen wrote:
We can kill html messages over time (and it would
definitely be a good
idea anyways). Messages for .js can be rejected from the localized
downloads. And frankly killing the inclusion of .js and .css from the
i18n space would be good too.
Principle of least permission, if we have to download i18n then at the
very least we shouldn't allow that format to inject php and turn
everyone's vps servers into a big botnet.
Man, that kills all the fun :)
Also, that means that we have an excuse for holing those pesty firewalls
that don't allow us to "enable" their site [1].
1-
http://bit.ly/qiYUyL