XSS security flaw in Basecamp
"Basecamp intentionally allows HTML (and JavaScript) because many of our users find great value in being able to use that. We’re fully aware that this allows for XSS attacks, but Basecamp is based on the notion of trusted parties. You should only allow people into the system that you believe won’t hack your system (just as you should only invite people into your office that you don’t believe will steal from you).
If this was a public system, it would definitely be different. You can’t have a public forum today without carefully dealing with XSS issues."
This is Sarah Hatter's response to the discovery of an XSS vulnerability in Basecamp. I like her response, taken together with that of DHH, who states:
"If your friend becomes a foe, you can revoke their account and change your login credentials. Just like you would simply not let them into your office.
In the 3+ years we’ve operated Basecamp, we’ve never had a single such case occur, though. So it doesn’t seem like it’s a big problem. And I know many of our customers would scream murder if we removed the option to use HTML in their messages, as they’ve become accustomed to over the past 3+ years."
This is part of their Getting Real approach to things, and, while I am normally strict when it comes to security aspects, this makes perfect sense.