[Typo3-dev] typo3 security team

[René Fritz]

> > It might not be bad to have an additional document which describes how to
> > write safe plugins/code or the other way around to show how it is wrong.

> This might be a very difficult project.
> What is safe or unsecure?

I disagree here. 

There are a few things you can do to make code more safe. For example output 
non-HTML content with htmlspecialchars() which is first of all a good thing 
to do anyways and second it deactivates javascript which shouldn't be there.

That document can describe some problems which occurs more often in web 
applications and how to deal with them.

René
-- 
COLORCUBE
digital media lab

www.colorcube.de