Vigilant, but not paranoid.  XSS exists for a reason.  A better solution
IMHO would be to require the remote content to be signed by a particular
source or something along those lines.  Just my 2 cents.

On Fri, May 15, 2009 at 1:30 PM, Stephen <cryptworks@gmail.com> wrote:

> given Lisa's previous rants I'm thinking both, and she would be right.
>
> it is in everyone's best interest to be vigilant.
>
> On Fri, May 15, 2009 at 12:56 PM, Alex Dean <alex@crackpot.org> wrote:
> >
> > On May 15, 2009, at 12:34 PM, Lisa Kachold wrote:
> >
> >> it's IMPORTANT to realize that WE ALL MUST BE SECURITY EXPERTS
> >
> > Who is 'we'?  Programmers/admins/hackers, or the general public?
> >
> > ---------------------------------------------------
>
>


-- 
James McPhee
jmcphe@gmail.com