Hi,

> I should have been a little more clear in my mail.

I wasn't trying to belittle the problem; I'm aware that if you can get a <b> through you can do a lot more. On second thought, my posting was perhaps not that useful because those with an understanding of security will probably have known what a "XSS type 2 vulnerability" is (I didn't), and those with no understanding won't know that a <b> can be the beginning of the end.

Fixing the particular problem is probably a one-liner for our ruby heroes but as you said in your initial E-Mail, the problem may be widespread and should be investigated thoroughly. Maybe I can even create a username that contains HTML and this then gets displayed in other people's "users near you" lists and so on. Maybe I can enter place names into OSM that have HTML in them, and they get displayed with the name finder results?

(Check out woodpeck's new OSM diary here: http://www.openstreetmap.org/user/woodpeck/diary guaranteed harmless. har har.)

Bye
Frederik

--
Frederik Ramm ## eMail [EMAIL PROTECTED] ## N49°00.09' E008°23.33'