Well the difficulty really arises when you want to go a step beyond full HTML control and allow for JS and AJAX (think pagination with really artful page transitions). How do you allow users complete control without turning your service into a cesspool of XSS attacks?
Well the difficulty really arises when you want to go a step beyond full HTML control and allow for JS and AJAX (think pagination with really artful page transitions). How do you allow users complete control without turning your service into a cesspool of XSS attacks?