On 16 January 2012 20:22, Jeroen De Dauw <jeroendedauw(a)gmail.com> wrote:
> Do we trust that messages do not have evil (XSS) stuff in them?

Ignoring the "how" for a moment, I personally think that no new uses
of unescaped message output should be introduced, and we should get
rid of the existing ones.