Open flc opened 9 years ago
Messenger.post("<script>alert("foo");</script>") executes the alert. message should be sanitized.
Messenger.post("<script>alert("foo");</script>")
This is fixed with #86 when escaping is enabled.
Messenger.post("<script>alert("foo");</script>")
executes the alert. message should be sanitized.