Choe, Cheng-Dae wrote: > example site is http://bbs.pythonworld.net:9080/pybbs.py
Since this seems quite happy to accept posted <script> elements - never mind any of the thousand more involved ways to do JavaScript injection - I'd like to ask a narrower version of the OP's question: >> I'm looking for a web forum preferably in Python *that is >> actually secure and does not have cross-site scripting >> or other more serious vulnerabilities all over the shop*. We all know the PHP messageboards are crap, because PHP is awful at security, and encourages application design that is awful at security. [Sorry. I must have caught flame mode from this thread.] Python should be able to do better. Has anyone done it? No use for such a thing myself, but I'd like to be able to recommend something positively when I pour scorn on the clods using phpSecurityDisasterBoard. (I do a lot of scorn-pouring, because I am deep down not a very nice person.) Don't see anything in PyPI. Do I have to write everything myself? Gah. I need more beer. -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/ -- http://mail.python.org/mailman/listinfo/python-list
