Why is the server-side fix not sufficient?
Posted Nov 30, 2006 21:38 UTC (Thu) by gerv
Parent article: The Firefox password manager vulnerability
"Several of the comments maintain that it is completely a server-side issue and that sites must take steps to insure that what they serve does not contain this kind of content. Unfortunately for Firefox users and developers, that simplistic approach will not suffice."
People who place user-supplied content onto their website pages need to do filtering anyway - and, if they are smart, it'll be whitelist-based. We've just discovered one new thing they have to filter for.
to post comments)