Of course we'd rather Finetooth not have any cross-site-scripting exploits, but if the measures implemented in 35d8662 turn out to have any loopholes, we can at least prevent attackers from doing anything terribly interesting with them. There are third-party apps for this, but it looks sufficiently straightforward that I'd rather avoid dependency bloat by Inventing It Here.
Of course we'd rather Finetooth not have any cross-site-scripting exploits, but if the measures implemented in 35d8662 turn out to have any loopholes, we can at least prevent attackers from doing anything terribly interesting with them. There are third-party apps for this, but it looks sufficiently straightforward that I'd rather avoid dependency bloat by Inventing It Here.