Developer Myth: if it was hard to write it should be hard to exploit. Hacker Myth: if it was easy to exploit it should be easy to fix.
I now have over 10 protocol handler buffer overflows in Spartan. It feels like 1996 again.
Ok bad. Directory traversal bug: <iframe src="ms-appx-web://microsoft.windows.spartan/%2e%2e%2f%2e%2e%2fTemp/blah.txt"> reads file from temp
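
A defender-side illustration of why the percent-encoded `%2e%2e%2f` in the URL above matters, added here as an example and not taken from the original posts or from Spartan's code. The package root and function names are hypothetical; the check decodes first, then normalizes, then confirms the path never climbs above the root.

```javascript
// Added example. PACKAGE_ROOT and all function names are hypothetical.
const PACKAGE_ROOT = "/pkg/app";

// Weak check: inspects the raw (still percent-encoded) path only.
function naiveIsSafe(rawPath) {
  return !rawPath.includes("../");
}

// Decode once; refuse malformed escapes and anything still encoded afterwards
// (a leftover %xx suggests double encoding such as %252e%252e%252f).
function decodeOnce(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch {
    return null; // malformed percent escape
  }
  if (/%[0-9a-fA-F]{2}/.test(decoded) || decoded.includes("\0")) return null;
  return decoded;
}

// Returns the resolved path under PACKAGE_ROOT, or null if the request
// would escape the root or cannot be decoded safely.
function resolveInsideRoot(rawPath) {
  const decoded = decodeOnce(rawPath);
  if (decoded === null) return null;
  const kept = [];
  // Treat backslashes as separators too, then walk segment by segment.
  for (const seg of decoded.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (kept.length === 0) return null; // would climb above the root
      kept.pop();
    } else {
      kept.push(seg);
    }
  }
  return PACKAGE_ROOT + "/" + kept.join("/");
}

// The path component from the URL quoted in the post above.
const POSTED_PATH = "/%2e%2e%2f%2e%2e%2fTemp/blah.txt";
```

The raw-string check accepts the posted path, while the decode-then-normalize check rejects it.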