We would like to thank Marti Raudsepp for letting us know about a
security hole in the comment submission code for the site. We believe
it is now fixed and, in general, that we have tightened up our HTML
handling for comments. As part of that, we removed support for many
attributes on HTML tags by whitelisting a small set of attributes. We
might very well have been over-zealous and removed support for legitimate
attributes. Please let us know at firstname.lastname@example.org if that is the case.
We would also like to remind folks that we encourage anyone who finds a
security problem with the site to contact us (email@example.com works for that
too). We give prompt attention to such things and thank anyone reporting
them—rather than, say, turning them
over to law enforcement.
to post comments)