On 16 January 2012 20:22, Jeroen De Dauw jeroendedauw@gmail.com wrote:
Hey,
Do we trust that messages do not have evil (XSS) stuff in them?
Ignoring the "how" for a moment, I personally think that no new uses of unescaped message output should be introduced, and we should get rid of the existing ones. -Niklas