Mozilla published a tool to evaluate site security recently. I ran that on the Qt sites for the fun of it. The results are pretty bad IMHO:
- Qt.io gets a D-.
- qt-project.org gets an D-.
- bugreports.qt.io gets an D-.
- doc.qt.io gets an F.
- codereview.qt-project.org gets an F.
- wiki.qt.io gets an F.
- code.qt.io gets an F.
- login.qt.io gets an F.
- forum.qt.io gets an F.
- lists.qt-project.org gets an F.
Can we please do something about these ratings? Especially the sites with user-generated contents should make use of all the XSS protection they can get their hands on.