[Sage] Sage 1.3.7 feed rendering regression

Alexander Gräf Alex at GRAEF.cc
Fri Oct 6 00:02:14 PDT 2006


 

> Yes, this is the intended behavior.  Unfortunately, the 
> object elements are a potential attack vector, and we have 
> filtered them out as a security measure.
> 
> peter

Hi,

If object/embed tags are a security risk, why bother filtering them out
instead of filing a security report to Firefox? Or is there any difference
in the security handling between the Sage rendering and the webpage itself,
which I surely would launch if the YouTube/Google Video were missing and
I wanted to watch it? At least the filtering should be an option, so users
could decide if they need this special security measure.

Thanks and regards,
Alex


