Scribblelve: sanitize inputs server-side #214

Open
brianboyer opened this Issue Jan 17, 2013 · 1 comment

Comments

Projects
None yet
2 participants
Contributor

brianboyer commented Jan 17, 2013

For the backlog: either we need to run our own server to proxy the incoming messages or we get SL to fix their shit. Client-side is not good enough long-term

Contributor

onyxfish commented Jan 17, 2013

Scribble is actually decoding HTML entities and then sending them back out raw--so its not even possible to santize inputs.

http://grab.by/j6Jq

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment