On Wed, Oct 18, 2017, at 12:40, Goffi wrote:
> If we base the debate on devs not really taking care of security (which was
> the initial issue with XHTML-IM) or path of less resistance, they will most
> probably just send the raw Markdown to the list, where HTML can be executed.

It would also require manually unescaping the body first, otherwise you'd just get a message that said "<script>". So it now requires manually screwing something up to lead to a security issue instead of the default being an issue.

—Sam
