[cryptography] How to safely produce web pages from multiple sources?

James A. Donald jamesd at echeque.com
Wed Aug 29 02:11:26 EDT 2012


On 2012-08-29 12:10 PM, Natanael wrote:
> Isn't the standard answer to always verify, verify, verify? Make sure
> you only accept some types of data from Malloc and verify it *can't* do
> strange crap. Also, read up on XSS prevention and all that.

In other words, Bob's server reads malloc's content, rejects everything 
that is not plain vanilla correct strict html without javascript, and if 
passes the test, incorporates it into its own web page.




More information about the cryptography mailing list