Vigilant, but not paranoid.  XSS exists for a reason.  A better solution IMHO would be to require the remote content to be signed by a particular source or something along those lines.  Just my 2 cents.<br><br><div class="gmail_quote">
On Fri, May 15, 2009 at 1:30 PM, Stephen <span dir="ltr">&lt;<a href="mailto:cryptworks@gmail.com">cryptworks@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
given Lisa&#39;s previous rants I&#39;m thinking both, and she would be right.<br>
<br>
it is in everyone&#39;s best interest to be vigilant.<br>
<div><div></div><div class="h5"><br>
On Fri, May 15, 2009 at 12:56 PM, Alex Dean &lt;<a href="mailto:alex@crackpot.org">alex@crackpot.org</a>&gt; wrote:<br>
&gt;<br>
&gt; On May 15, 2009, at 12:34 PM, Lisa Kachold wrote:<br>
&gt;<br>
&gt;&gt; it&#39;s IMPORTANT to realize that WE ALL MUST BE SECURITY EXPERTS<br>
&gt;<br>
&gt; Who is &#39;we&#39;?  Programmers/admins/hackers, or the general public?<br>
&gt;<br>
</div></div><div class="im">&gt; ---------------------------------------------------<br><br>
</div></blockquote></div><br><br clear="all"><br>-- <br>James McPhee<br><a href="mailto:jmcphe@gmail.com">jmcphe@gmail.com</a><br>