On Wed, Jul 8, 2009 at 11:54 AM, Erik Arvidsson <a...@chromium.org> wrote:
> On Wed, Jul 8, 2009 at 11:51, Adam Barth <aba...@chromium.org> wrote:
>> Ideally we would use an existing library instead of rolling our own.
>> One major benefit of using existing code is that all the XSS holes
>> will have been worked out already.
>
> Replacing JST with something custom is something I am totally comfortable
> with.
>
> If we end up doing the string replacing on the front end I do agree
> that we should use some existing library since this is a much harder
> problem.

Ok. Just be sure to loop in the security team for a review prior to
enabling the new code.

Adam

Chromium Developers mailing list: chromium-dev@googlegroups.com