a placeholder for a security issue

[ilatypov]

Date: Mon, 24 Apr 2017 17:46:39 +0000 (UTC)
From: Ilguiz Latypov <ilatypov@yahoo.ca>
To: "support@calendarxp.net" <support@calendarxp.net>
Subject: Question about FlatCalendarXP - Ref#1493055020520

[victorwon]

Thanks!

[ilatypov]

Luckily, this covered both JSFuck (because we reject parentheses) and Gareth Heyes's way of executing code without parentheses (because we reject back-ticks). Doing away with expecting javascript from externally controlled sources can eradicate the vulnerability.