Re: RE: Invision Vulnerabilities, including remote code execution

[mattmecham () gmail com]

We have cleaned up much of the post parser in a recent security update which included removing the block of code that 
attempts to decode hex entities into HTML.

Part of the problem is trying to balance a feature rich application against various browser bugs (of which IE is the 
worst culprit for rendering what should be considered safe HTML code) and programatically safe code.