Recently I have had the opportunity to fix a cross-site-scripting problem. The problem: a lot of JSON objects are being sent over the wire and the data is not being html escaped. This means that anyone who would put html data IN would get it out and make any user vulnerable for XSS attacks. In […]