Hi Adrian, >It would have been cool to mention Microsoft SharePoint as an example of >a popular file sharing system that allows persistent XSS through shared >HTML files. i.e.: Thanks for pointing this out. I didn't look at SharePoint, actually. I did look at many others, and didn't find any that took any explicit precautions against XSS through shared files. But I thought there was no need to mention any names in the paper. Francisco
