Nice work, and (as another fastmail.fm user) thank you for the responsible disclosure. May it amply repay you in consulting gigs :)
Regarding the script injection from image file names, there is a simple solution to this problem: separate the data types of strings and document structure. For example:
http://www.gnu.org/software/guile/manual/html_node/Types-and...
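The separation the comment describes, as an added Python example (not the commenter's code and not Guile's SXML): a plain string is always character data, and only an `Element` can produce markup. The names `Element`, `render`, `attachment_unsafe` and `attachment_typed` are hypothetical, and the sample file name and URL are constructed.

```python
from html import escape

VOID = {"img", "br", "hr"}  # elements serialized without a closing tag

class Element:
    """Document structure. Only this type can produce markup."""
    def __init__(self, tag, attrs=None, *children):
        names = [tag, *(attrs or {})]
        if not all(n.isalnum() for n in names):
            raise ValueError(f"bad tag or attribute name in {names!r}")
        self.tag, self.attrs, self.children = tag, dict(attrs or {}), children

def render(node):
    """Serialize a tree; a plain str is always text, never markup."""
    if isinstance(node, str):
        return escape(node, quote=True)
    if not isinstance(node, Element):
        raise TypeError(f"not a document node: {type(node).__name__}")
    # Attribute values are strings too, so they get the same escaping.
    # (Checking URL schemes in src/href is a separate concern, not shown.)
    attrs = "".join(
        f' {name}="{escape(str(value), quote=True)}"'
        for name, value in node.attrs.items()
    )
    if node.tag in VOID:
        return f"<{node.tag}{attrs}>"
    body = "".join(render(child) for child in node.children)
    return f"<{node.tag}{attrs}>{body}</{node.tag}>"

def attachment_unsafe(filename, url):
    """String concatenation: the browser parses the file name as markup."""
    return '<div><img src="' + url + '" alt="' + filename + '">' + filename + "</div>"

def attachment_typed(filename, url):
    """Same document shape, but the file name can only ever be text."""
    img = Element("img", {"src": url, "alt": filename})
    return render(Element("div", None, img, filename))

# Constructed sample input: an attachment name that contains markup.
SAMPLE_NAME = 'x"><script>alert(1)</script>.png'
SAMPLE_URL = "/attachments/1"

if __name__ == "__main__":
    print(attachment_unsafe(SAMPLE_NAME, SAMPLE_URL))
    print(attachment_typed(SAMPLE_NAME, SAMPLE_URL))
```

With this split there is no call site where forgetting to escape is possible: the only way to emit a tag is to construct an `Element`, which untrusted input never does.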