Comment 3 for bug 605775

Max Kanat-Alexander (mkanat) wrote :

Hey Robert. I'm totally familiar with the security implications--the Bugzilla Project had a bug on this before most people on the Internet were even aware that it could possibly be a problem. What I'm saying is that the security implications will be dealt with in a follow-up bug, and in this bug they will not be.

This is not going to be deployed on Launchpad until it's secure for Launchpad; this is just going into loggerhead trunk, which is not going onto Launchpad.

Note that most loggerhead installations have no concerns whatsoever about XSS, though, BTW. There's nothing dangerous you could do to loggerhead itself, in most situations. LP happens to have private branches and credentials, so that's different.