Bloggers can inject <script> tags into posts.

FutureBlueWebTeam / FutureBluePage

The repository used for the Future Blue intern web page

http://futureblue.torolab.ibm.com

Other

0 stars 0 forks source link

Closed t-mullen closed 8 years ago

t-mullen commented 8 years ago

Not a big deal since all bloggers will be trusted, but still an issue.

We want to allow HTML, so might only be partially fixable.

t-mullen commented 8 years ago

Might be a cool way to demo web stuff in-article though. Bug = Feature?

t-mullen commented 8 years ago

No reliable way to do this without banning HTML.