Knock, Knock ...... although the Door is Wwwide ajar and Beckons Entry?
"XSS isn't going to go away anytime soon - in fact the problem's going to become worse thanks to AJAX, web services and Web 2.0. The key to containing the problem, though, is to act tactically and strategically whilst building web applications."
Jeff,
Some who are into XSS do not consider any code injection into other systems as being a problem. In fact, they would probably tell you IT acts as a tactical and strategic tool for them whilst building web applications.
And yes, I would most definitely agree that it isn't going to go away anytime soon but the only applications which will "suffer" as a result of XSS trials and betatests will be those applications which are discovered to be faulty and concealing embedded and embedding codes of their own, which would rather not be discovered because of their toxicity/self aggrandisement.
Not all XSS is bad. Some of it is very very Good even though it be decried as being bad because of its Ability to Crash Systems Easily. Such Systems are obviously badly Programmed and therefore Servering badly as any Good [AI Beta] System will always FailSafe and Repair ITself QuITe Automatically.
Thanks for the heads-up on the issue. A cogent article indeed highlighting a simple but impossible to stop opportunity which, when allied with the Zero day vulnerability, can be XXXXPloited mercilessly/mercifully to Good Effect by Skilled, Well Schooled Programs/Programmers/Virtual Machines.
And meThinks that only the surface has been scratched of that which such Coding XXXXPloits can achieve. And the most Virulent and Pervasive of them go Straight to the Core of Systems with no Prior Warning, should they be mooted and ignored. And in Plain Text, are they most easily transcribed and transferred across all and any Systems for a Concerted Tactical Advantage for Strategic Change.