On Wed, Jul 8, 2009 at 11:54 AM, Erik Arvidsson<a...@chromium.org> wrote:
> On Wed, Jul 8, 2009 at 11:51, Adam Barth<aba...@chromium.org> wrote:
>> Ideally we would use an existing library instead of rolling our own.
>> One major benefit of using existing code is that all the XSS holes
>> will have been worked out already.
>
> Replacing JST with something custom is something I am totally comfortable 
> with.
>
> If we end up doing the string replacing on the front end I do agree
> that we should use some existing library since this is a much harder
> problem.

Ok.  Just be sure to loop in the security team for a review prior to
enabling the new code.

Adam

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
