a placeholder for a security issue #2

ilatypov opened this Issue Apr 24, 2017 · 2 comments



ilatypov commented Apr 24, 2017

Date: Mon, 24 Apr 2017 17:46:39 +0000 (UTC)
From: Ilguiz Latypov <>
To: "" <>
Subject: Question about FlatCalendarXP - Ref#1493055020520

victorwon added a commit that referenced this issue May 18, 2017




victorwon commented May 18, 2017


@victorwon victorwon closed this May 18, 2017




ilatypov commented Jul 10, 2017

Luckily, this covered both JSFuck (because we reject parentheses) and Gareth Heyes's way of executing code without parentheses (because we reject back-ticks). Doing away with expecting javascript from externally controlled sources can eradicate the vulnerability.
