Hi David,

On Tue, Oct 13, 2009 at 4:37 PM, David Pollak
<feeder.of.the.be...@gmail.com> wrote:
> Why does Lift use XHTML rather than Strings or something else for
> templating?  Because XML is a secure (and fast) representation.  While PHP
> sites have significant cross site scripting problems, Lift apps have none
> (and I've been through half a dozen penetration test with Lift apps and the
> universal evaluation is "this is the most secure web site we've ever
> tested.")
Can you elaborate on how XHTML eliminates the XSS potential of
strings? Doesn't an XHTML file have strings in it in between the

Bill Venners
Artima, Inc.

You received this message because you are subscribed to the Google Groups 
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to