On Mon, Jan 16, 2012 at 7:22 PM, Jeroen De Dauw jeroendedauw@gmail.com wrote:
> Hey,
> Do we trust that messages do not have evil (XSS) stuff in them? The reason why I ask is that I was just using .msg from mediawiki.jqueryMsg, and realized that things in the message do not get escaped. Since the function can take in HTML elements, this seems to be pretty inherent.
jQueryMsg doesn't really do this very well just yet; that's an issue with jQueryMsg.
Roan