On 11 Nov., 07:14, PhistucK <[email protected]> wrote:
> .. you can simply not put them in a "<script>".
> So, what was your intention?

Imagine a website like a blog where you have code coming from you and then the "evil" comments. And you don't trust your blog software to filter all possible XSS attacks. Then you could put the HTML part with the comments within jail tags.

You are right if you say "why not just make it the other way round", and this is indeed part of my work. But to achieve safety in terms of XSS attacks, the common script tag would not be enough. It would have to be a tag like

<nojail hash="blub"> my secure java-script code </nojail hash="blub">

--
Chromium Discussion mailing list: [email protected]
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-discuss
