Comments on: Basecamp security flaw or not?

By: DHH

DHH — Thu, 15 Nov 2007 16:52:28 +0000

This intentional design. Basecamp is made for collaboration between trusted parties. Lots of our customers are very happy that they can use HTML in their messages and other content and would loathe us to take that away.

This is different from, say, a public forum where you’re most certainly not dealing with trusted parties. Applications like that need to escape HTML.

By: Autotransport

Autotransport — Mon, 05 Nov 2007 20:26:46 +0000

Nice discovery, But how can I applay it?

By: Johan Van Mol

Johan Van Mol — Wed, 15 Nov 2006 22:45:04 +0000

Interesting discovery.
I wonder what the verdict will be…
Can 37signals blunder? Are they human after all?
I digg’d this article: http://digg.com/programming/Do.....urity_flaw
Maybe one of the countless digg’ers can clear this out.

regards,

Johan