Gregory Maxwell wrote:
Since most of these are in places where I can just go
fix them, I've
been doing a little of that, and will probably eventually go around
and get them all... I'm assuming that these were entered in before we
were correctly filtering text,
Yes, some old ones in images etc still.
but I'm somewhat concerned that there
may be some data entry paths which are not being filtered. Is this
possible? If so, I'll create some test cases.
Unlikely but possible. Check WebRequest.php etc.
-- brion vibber (brion @
pobox.com)