Should XSS protection use Ruby's built-in tainting to mark strings safe or unsafe, or should we have specialized XSS-safety metadata?
The lack of a clear winner becomes a real problem for plugins that include view helpers (like Streamlined). We'd like to conform to an XSS-protection scheme, but which one? Suggestions welcome.
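A minimal sketch of the second option, specialized XSS-safety metadata, added here as an illustration and not taken from the original post or from any plugin it mentions. `SafeHTML`, `labeled_field` and `render` are hypothetical names and the input is constructed; built-in tainting is not shown because `Object#taint` was removed in Ruby 3.2.

```ruby
require "erb"

# Hypothetical marker type: a string is trusted as HTML only if it is a SafeHTML.
class SafeHTML < String
  # Escape anything not already marked safe; marked values pass through as-is,
  # which is what prevents double escaping at the output boundary.
  def self.escape(value)
    value.is_a?(SafeHTML) ? value : new(ERB::Util.html_escape(value.to_s))
  end

  # Appending never trusts its argument: unmarked input is escaped first,
  # so a SafeHTML buffer stays safe no matter what a caller pushes into it.
  def <<(value)
    super(SafeHTML.escape(value))
  end
end

# Hypothetical plugin view helper. The helper author marks only the literal
# markup as safe; caller-supplied label and value are escaped by the buffer.
def labeled_field(label, value)
  out = SafeHTML.new("<label>")
  out << label
  out << SafeHTML.new('</label><input value="')
  out << value
  out << SafeHTML.new('">')
end

# Template output boundary: everything rendered goes through the same check,
# so helper output is emitted verbatim and plain strings are escaped.
def render(*parts)
  parts.map { |part| SafeHTML.escape(part) }.join
end

if __FILE__ == $PROGRAM_NAME
  hostile = '"><script>alert(1)</script>' # constructed sample input
  puts render(labeled_field("Name", hostile))
  puts render("<b>plain strings are escaped</b>")
end
```

Because the marker is the class itself, a helper that returns a plain `String` is escaped at the boundary by default, so forgetting to mark output produces visible over-escaping instead of an injection.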