HTML popup response security

Discussion created by mcorbin-esriuk-esridist on Sep 23, 2011
Latest reply on Sep 28, 2011 by mcorbin-esriuk-esridist
The REST API has a definition for an HTML Popup in a feature layer (http://localhost:6080/arcgis/sdk/rest/ms-htmlPopup.html). So the response includes HTML within the JSON. Could that be a security risk as it seems like a way to inject dodgy JavaScript into the response. What do you guys think?