Actually I was busy, what I really wanted to say was that I agree with every one of the points you make, but still stick to my prefrence for escaping on the way in, but ok lets say only where practical. I've been involved myself in a project where we had to accept input of script and prepare output of it for display or execution. And there are a number of other legitimate uses for some of the techniques which come under the umbrella of CSS.
The only truly compatible answer is to delegate to the application designer full responsibility for this task. Hence, of course, the requirement for a small API to help her/him do the dull hard work. (which I'm right behind) d. > -----Original Message----- > From: Danny Angus [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 21, 2001 6:57 PM > To: Jakarta General List > Subject: RE: Cross site scripting > > > Ok, you're right! > d. > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
