Although Microsoft's IE 7 wasn't specifically targeted in the presentation, Walter VonKoch, a program manager for Internet Explorer, responded with a blog entry that detailed the browser's RSS security steps.
"When downloading feeds, the RSS Platform passes the feed through a sanitization process which among other things removes script from HTML fields like the description element," wrote VonKoch. "Also, text fields, like the title element, are treated as text and not as HTML."
Additionally, IE 7 displays RSS feeds in the browser's "Restricted" security zone regardless of where the feed originated, even when the source site is already listed in IE's "Trusted" zone.
"By default, script is disabled in the Restricted zone," VonKoch noted.
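The two rules VonKoch describes (titles treated as plain text, script stripped from HTML descriptions) can be sketched in Python. This is an added example, not Microsoft's RSS Platform code; the tag allow-list, the function names and the sample feed are assumptions constructed here.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Assumed policy for this example: tags to keep, and tags dropped with their body.
ALLOWED = {"a", "p", "b", "i", "em", "strong", "br", "ul", "ol", "li"}
DROP_WITH_BODY = {"script", "style", "iframe", "object"}

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            # Every attribute (onclick, style, ...) is dropped except an http(s) href.
            href = (dict(attrs).get("href") or "").strip() if tag == "a" else ""
            ok = href.lower().startswith(("http://", "https://"))
            self.out.append(f'<a href="{html.escape(href)}">' if ok else f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:  # text is re-escaped, never passed through raw
            self.out.append(html.escape(data, quote=False))

def sanitize_html(fragment):
    parser = Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

def render_feed(xml_text):
    # Title is text only, so it is escaped; description is HTML, so it is sanitized.
    return [(html.escape(item.findtext("title", "")),
             sanitize_html(item.findtext("description", "")))
            for item in ET.fromstring(xml_text).iter("item")]

# Constructed sample feed, not a real one.
SAMPLE = """<rss><channel><item><title>&lt;script&gt;alert(1)&lt;/script&gt; Hi</title>
<description><![CDATA[<p onclick="x()">News<script>alert(2)</script>
<a href="javascript:x()">bad</a> <a href="https://example.com/">ok</a></p>]]></description>
</item></channel></rss>"""
```

Calling `render_feed(SAMPLE)` returns the escaped title and a description with the script block, the `onclick` attribute and the `javascript:` link target removed. An unclosed `<script>` leaves the parser in skip mode, so the rest of the field is dropped rather than emitted.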