Vigilant, but not paranoid. XSS exists for a reason. A better solution IMHO would be to require the remote content to be signed by a particular source or something along those lines. Just my 2 cents.

On Fri, May 15, 2009 at 1:30 PM, Stephen wrote:
> given Lisa's previous rants I'm thinking both, and she would be right.
>
> it is in everyone's best interest to be vigilant.
>
> On Fri, May 15, 2009 at 12:56 PM, Alex Dean wrote:
> >
> > On May 15, 2009, at 12:34 PM, Lisa Kachold wrote:
> >
> >> it's IMPORTANT to realize that WE ALL MUST BE SECURITY EXPERTS
> >
> > Who is 'we'? Programmers/admins/hackers, or the general public?
> >
> > ---------------------------------------------------
> >

--
James McPhee jmcphe@gmail.com