From 4c5428364231ee28c5bb77a813f4981bfa1a5b2b Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang" <edwardzyang@thewritingpot.com>
Date: Tue, 26 Dec 2006 04:09:23 +0000
Subject: [PATCH] Fix a few things in the YouTube documentation as mentioned by
 Everah and kuza55 (sorry kuza55, still haven't acted completely on your
 requests).

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@619 48356398-32a2-884e-a903-53898d9a118a
---
 docs/enduser-youtube.html | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/docs/enduser-youtube.html b/docs/enduser-youtube.html
index c91fd760..3e363267 100644
--- a/docs/enduser-youtube.html
+++ b/docs/enduser-youtube.html
@@ -26,9 +26,9 @@ content in their pages is something that a lot of people like.</p>
 you will definitely be slammed by a manner of nasties that can be
 embedded in things from your run of the mill Flash movie to
 <a href="http://blog.spywareguide.com/2006/12/myspace_phish_attack_leads_use.html">Quicktime movies</a>.
-Allowing users to tell the browser to load content from other websites
-is intrinsically dangerous: there already security risks associated with
-letting users include images from other sites!</p>
+Even <code>img</code> tags, which HTML Purifier allows by default, can be
+dangerous. Be distrustful of anything that tells a browser to load content
+from another website automatically.</p>
 
 <p>Luckily for us, however, whitelisting saves the day. Sure, letting users
 include any old random flash file could be dangerous, but if it's
@@ -147,13 +147,18 @@ the user's operating system/browser. You need to either cap it by limiting
 the amount of digits allowed in the regex or using a callback to check the
 number.</p>
 
-<h3>Trusts YouTube's security</h3>
+<h3>Trusts media's host's security</h3>
 
 <p>By allowing this code onto our website, we are trusting that YouTube has
 tech-savvy enough people not to allow their users to inject malicious
-code into the Flash files. An exploit on YouTube means an exploit on your
-site, and when you start allowing shadier sites, remember that trust
-is important.</p>
+code into the Flash files.  An exploit on YouTube means an exploit on your
+site.  Even though YouTube is run by the reputable Google, it
+<a href="http://ha.ckers.org/blog/20061213/google-xss-vuln/">doesn't</a>
+mean they are
+<a href="http://ha.ckers.org/blog/20061208/xss-in-googles-orkut/">invulnerable.</a>
+You're putting a certain measure of the job on an external provider (just as
+you have by entrusting your user input to HTML Purifier), and
+it is important that you are cognizant of the risk.</p>
 
 <h3>Poorly written adaptations compromise security</h3>