On Mon, Jan 25, 2010 at 5:45 PM, Alex Russell <slightly...@google.com> wrote: > Sorry I'm late to this discussion. Would like to add my objection to > using attribute string escaping as a security "feature" in any way. I > strongly prefer required nonces attached to opening and closing of > sections.
Do you have any suggestions on how to fix the issues that have already been raised against that? ~TJ