Reply to post: This looks like the kind of problem

Yahoo! Mail! Had! Nasty! XSS! Bug!

Spender

This looks like the kind of problem

caused by using regular expressions to filter HTML content. Regular expressions are very poorly suited to the job of dealing with HTML and getting the filtering right becomes a game of whack-a-mole, as we can see here. If the content's going to a browser, it should be parsed with the same tools that a browser uses. To suppose that a "parser" built using completely different technology can stay current is talk from imagination-land.
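The contrast drawn in the comment above, as an added example that is not part of the original post: a one-pass regex deny-list next to a sanitizer that parses the input and rebuilds output from an allowlist. It assumes Python's standard-library `html.parser` as a stand-in for a browser-grade HTML5 parser; the function names, policy and sample inputs are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample inputs (not taken from the article or the comment).
SAMPLES = [
    '<p>Hello <b>world</b></p>',
    '<scr<script></script>ipt>alert(1)</script>',
    '<img src=x onerror=alert(1)>',
    '<a href="javascript:alert(1)">link</a>',
]

def regex_filter(html):
    """Deny-list approach: delete <script> elements with one regex pass."""
    return re.sub(r'<script\b.*?>.*?</script>', '', html, flags=re.I | re.S)

# Hypothetical policy: tag -> attributes that may be kept.
ALLOWED = {'p': (), 'b': (), 'i': (), 'em': (), 'strong': (), 'a': ('href',)}
DROP_CONTENT = ('script', 'style')  # discard these elements and their text

class AllowlistSanitizer(HTMLParser):
    """Rebuilds output from parser events; nothing is copied through raw."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            kept = ''
            for name, value in attrs:
                # href must start with http:// or https://; anything else is dropped.
                if name in ALLOWED[tag] and value and re.match(r'https?://', value, re.I):
                    kept += f' {name}="{escape(value, quote=True)}"'
            self.out.append(f'<{tag}{kept}>')
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED and not self.skip:
            self.out.append(f'</{tag}>')
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return ''.join(parser.out)
```

The regex pass leaves three of the four samples dangerous, one of them created by the deletion itself, while the allowlist output can only contain the listed tags plus escaped text, however the input was malformed.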


Biting the hand that feeds IT © 1998–2019