Michal Zalewski of the security department Google: hosting user-generated content is a very dangerous thing
Google has been doing this for many years and has accumulated a lot of experience from which to draw definite conclusions. The main conclusion that the voice of Michael, - hosting user-generated content is a very dangerous business.
Historically, all browsers and browser plug-ins are designed in such a way as to show multiple types of content, ignoring any errors on the website. In the days of static HTML and simple Web applications, this approach was normal, because all the content was controlled by the webmaster.