Should XSS protection use Ruby's built-in tainting to mark strings safe or unsafe, or should we have specialized XSS-safety metadata?
The lack of a clear winner becomes a real problem for plugins that include view helpers (like Streamlined). We'd like to conform to an XSS-protection scheme, but which one? Suggestions welcome.