As the law stand at present, no you are not breaking the (UK) law by talking about it. However, as I said last week, there is an adjustment to the Police and Criminal Justice Act going through at the moment where talking about it *is* breaking the law.
Jake, true if the victim doesn't want to press charges then you get away with it... except for additional evidence. If you were filmed on CCTV doing the act then the victim doesn't need to press charges the CPS can do it automatically on the victim's behalf and indeed in some cases against the victim's wishes. In this case, if your provider gave log to the CPS to prove I (or others) willfully attacked your servers then the CPS could go ahead with a prosecution. Admitidly the likelyhood of such events is extremely remote, but the law allows for it.
Back to the task in hand. I think I can give your XSS protection a thumbs up. In fact I went back through your database to find old document which didn't have the protection, embedded the javascript, then tried standard Domino hacking to change the form type to "demos.xss.filtering" in an attempt to bypass your protection. That failed too.
@MD & Jake,
As the law stand at present, no you are not breaking the (UK) law by talking about it. However, as I said last week, there is an adjustment to the Police and Criminal Justice Act going through at the moment where talking about it *is* breaking the law.
Jake, true if the victim doesn't want to press charges then you get away with it... except for additional evidence. If you were filmed on CCTV doing the act then the victim doesn't need to press charges the CPS can do it automatically on the victim's behalf and indeed in some cases against the victim's wishes. In this case, if your provider gave log to the CPS to prove I (or others) willfully attacked your servers then the CPS could go ahead with a prosecution. Admitidly the likelyhood of such events is extremely remote, but the law allows for it.
Back to the task in hand. I think I can give your XSS protection a thumbs up. In fact I went back through your database to find old document which didn't have the protection, embedded the javascript, then tried standard Domino hacking to change the form type to "demos.xss.filtering" in an attempt to bypass your protection. That failed too.