Rich data: the dark side to Web 2.0 applications

"All web applications allow some form of rich data, but that rich
data has become a key part of Web 2.0. Data is "rich" if it allows
markup, special characters, images, formatting, and other complex
syntax. This richness allows users to create new and innovative content
and services.

Unfortunately, richness affords attackers an unprecedented
opportunity to bury attacks targeting users and systems downstream of
the offending application or service supplier.

One of the oldest security principles in the book is you should always keep code and data separate.
Once you mix them together, it’s almost impossible to separate them again.
Unfortunately, most of the data formats and protocols we’re using today
are mixing code and data like a bad DJ hashing up a cross fade. That’s why
injection is going to be with us for a long time." – The Register

Article: http://www.theregister.co.uk/2008/08/01/rich_data_vulnerabilities/