[superzamp]

Nice idea, congrats on shipping.

You might want to fix this though http://sitekite.com/hello-world-2o5f7g

[coldicetea]

Thanks for the tip, fixed: http://sitekite.com/no-more-xss-for-me-vSlYWg

[josephwegner]

On a similar topic, I seem to have broken something by putting a javascript:alert in the embed field:

http://sitekite.com/test-V2IjEA

[simi_]

Haha, that's always the first thing I check for. :)

http://sitekite.com/my-kickass-website-m0uAPw

[jfaucett]

yea, I'd second the xss, since using rails one sanitize call should be enough.

[ch0wn]

And setting user cookies to HTTP only.