>> Let us look at XSS now. http://sla.ckers.org/forum/list.php?2 Looks like there are quite a few of those too. If Google/Yahoo can't stop this stuff how are us mere mortals supposed to?

> In my experience, the bigger the organisation, the more mere mortals. Also, a small team has a much better chance of getting things right than a big team

What needs to happen, IMO, is for the browser manufacturers to create a way for users and website programmers to disable scripting in the web page body on a per-site or per-page basis. Why not be able to supply a meta tag that will only let scripting be attached in the head portion of the page and only from a file? Perfect use for JavaScript behaviors to attach code to what's in the page body.
That'd stop a lot of XSS issues and it'd force developers to write better code.
-- Michael McGlothlin Southwest Plumbing Supply
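
The rule proposed in the message above (scripts only in the head, only from a file), written as an audit a site owner could run over their own pages. This is an added example, not part of the original message; the names `BodyScriptAudit` and `audit` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

class BodyScriptAudit(HTMLParser):
    """Records every piece of scripting the proposed policy would refuse."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_head = False
        self.violations = []  # (line number, reason)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = dict(attrs)
        if tag == "head":
            self.in_head = True
        elif tag == "script":
            if not self.in_head:
                self.violations.append((line, "script element outside <head>"))
            elif not attrs.get("src"):
                self.violations.append((line, "inline script, not loaded from a file"))
        for name, value in attrs.items():
            if name.startswith("on"):
                # onclick, onload, ...: code attached directly in the markup
                self.violations.append((line, f"inline handler {name} on <{tag}>"))
            elif (value or "").strip().lower().startswith("javascript:"):
                self.violations.append((line, f"javascript: URL in {name} on <{tag}>"))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit(html):
    parser = BodyScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.violations

# Constructed sample page: only the first script would be allowed to run.
SAMPLE = """<html>
<head>
<script src="/static/behaviors.js"></script>
<script>var tracked = true;</script>
</head>
<body>
<p onclick="doThing()">user comment</p>
<script>trackVisit()</script>
<a href="javascript:void(0)">link</a>
</body>
</html>"""

if __name__ == "__main__":
    for line, reason in audit(SAMPLE):
        print(f"line {line}: {reason}")
```
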