29 points | by _nhh 14 hours ago
4 comments
Isn't there XSS in the first demo? What if title is user-supplied and it's something like <script>alert("xss")</script>
User-supplied stuff must always be sanitized :)
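The fix the reply is pointing at, as an added example that is not code from the thread or from the project being discussed: the user-supplied title is HTML-escaped before it is interpolated into markup. The `html` tagged template and the two `renderTitle*` functions are assumed names; the sample title is the payload from the comment, constructed here as input. Escaping like this covers HTML text and quoted attribute values only; a value landing inside a script block, an inline event handler or a URL needs a context-specific encoder instead.

```javascript
// Added example (not from the thread): escape a user-supplied title before
// it is placed into HTML, so "<script>" arrives as inert text.

// Replace the five characters that can change meaning in HTML text nodes
// and in double- or single-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Tagged template (assumed name): the literal template parts are trusted,
// every interpolated value is treated as untrusted data and escaped.
// This is what makes "forgetting to escape" the hard thing to do.
function html(strings, ...values) {
  return strings.reduce(
    (out, str, i) => out + str + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// The unsafe pattern: raw string concatenation, the title becomes markup.
function renderTitleUnsafe(title) {
  return "<h1>" + title + "</h1>";
}

// The safe version: same markup, title escaped by the template tag.
function renderTitleSafe(title) {
  return html`<h1>${title}</h1>`;
}

// Constructed sample input: the payload quoted in the comment above.
const sampleTitle = '<script>alert("xss")</script>';

console.log("unsafe:", renderTitleUnsafe(sampleTitle));
console.log("safe:  ", renderTitleSafe(sampleTitle));
```

In a browser, assigning the safe string to `innerHTML` renders the literal text `<script>alert("xss")</script>` inside the heading; assigning the unsafe one injects a script element. If the title is only ever shown as text, setting `element.textContent = title` needs no escaping at all and is the simpler choice.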
API would be the proper term for this, no?
Maybe "typed API"?
What do you mean?