Just a quick one, but a worrying one.
The main thing I am worried about is script injection, for example if I posted:
Hi, I'm Andrew making a fake enquiry that your client will think is okay and happily accept, woo!
Now clearly having a script file injected into the page is bad, bad news, considering what you could do with that.
What kind of security measures does Business Catalyst have in place to prevent this? There is nothing we can do client-side.
Even without moderation enabled, any submission made through the BC platform is filtered through our protection engine to prevent XSS. Any type of potentially malicious code is immediately stripped from the submission, and this is not done at a client-side level.
Thanks for letting me know. As long as it does this, I can continue to use customer-submitted web apps.