> a provider's "web search" API [...] pre-processes and summarises all content, so these types of attacks are impossible.

Inigo Montoya: "Are you sure the design is safe?"

Vizzini: "As I told you, it would be absolutely, totally, and in all other ways inconceivable. The web-gateway API sanitizes everything, and no user of the system would enter anything problematic. Out of curiosity, why do you ask?"

Inigo Montoya: "No reason. It's only... I just happened to look in the logs and something is there."

Vizzini: "What? Probably some local power-user, making weird queries out of curiosity, after hours... in... malware-infested waters..."