Following on from the BBC press about eBay XSS vulnerabilities and several hundred listings being identified as phishing directly from the eBay site, we thought we should poll the experts for some opinions.
How a ban on active code would impact your custom listing design
Is HTML5 the answer?
The designers tell us that HTML5 is not yet 100% compatible on eBay, and even if it were, it would not allow for some of the functionality that you see available in descriptions or shops today. Plus, of course, HTML5 relies on the user having a bang up to date browser or it simply won’t be supported.
You might think it’s a great way to force users to update their browser, but go to http://html5test.com/ and you’ll find your (hopefully) up to date browser doesn’t fully support HTML5 yet. Add older devices, in which we must include internet-enabled TVs, games consoles and a plethora of smartphones and tablets which can’t be upgraded to the latest versions, and you can see it’s a bit of a problem.
Perhaps a solution may be a ban on all active code except that specifically tested and approved by eBay. If they could work with the listing design companies, their code could be approved, but of course there are hundreds of smaller companies whose code could be banned, not to mention the sellers who code their own listings.
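A sketch of how the "approved code only" idea above could be checked mechanically. This is an added example, not eBay's code or part of the original article. The approved host name, the `audit` function and the sample listing are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts whose scripts the marketplace has approved (placeholder name).
APPROVED_SCRIPT_HOSTS = {"approved-designer.example"}
EMBED_TAGS = {"iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "data"}

def is_approved(src):
    try:
        url = urlparse(src)
        return url.scheme == "https" and url.hostname in APPROVED_SCRIPT_HOSTS
    except ValueError:  # malformed URL: treat as unapproved
        return False

class ActiveContentAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        if tag == "script":
            src = attrs.get("src", "").strip()
            if not src:
                self.findings.append("inline <script>")
            elif not is_approved(src):
                self.findings.append(f"unapproved script source: {src}")
            return
        if tag in EMBED_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs.items():
            # Browsers ignore whitespace and control characters inside the scheme.
            probe = "".join(c for c in value if ord(c) > 0x20).lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and probe.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def audit(listing_html):
    auditor = ActiveContentAuditor()
    auditor.feed(listing_html)
    auditor.close()
    return auditor.findings

# Constructed sample listing description, not taken from a real listing.
SAMPLE = ('<script src="https://approved-designer.example/gallery.js"></script>'
          '<script src="https://cdn.unknown.example/a.js"></script>'
          '<img src="x.png" onerror="load()">'
          '<a href="java&#x09;script:void(0)">more</a>')
```

Python's `html.parser` does not tokenise markup exactly as a browser does, so a check like this works as an audit aid for flagging listings rather than as a sanitiser.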