HubSpot / messenger

Growl-style alerts and messages for your app. #hubspot-open-source
http://github.hubspot.com/messenger/
MIT License
4.03k stars 408 forks

potential xss vulnerability? #89

Open flc opened 9 years ago

flc commented 9 years ago

`Messenger.post('<script>alert("foo");</script>')` executes the alert. Message should be sanitized.

Friss commented 9 years ago

This is fixed with #86 when escaping is enabled.
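
The mitigation discussed in this thread, as an added example that is not part of the thread or of the project's code: untrusted text is HTML-escaped before it reaches a notifier that renders its message as markup. `makeSafePost`, `recordingPost` and `demo` are hypothetical names, and the stand-in renderer is constructed so the block runs without a browser.

```javascript
// Added example: escape untrusted text before handing it to an HTML-rendering notifier.
// `postFn` is an assumption standing in for the library's post function.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Wrap a post function so both call shapes (a plain string, or an options
// object carrying a `message` field) are escaped before rendering.
function makeSafePost(postFn) {
  return function safePost(input) {
    if (input !== null && typeof input === "object") {
      // Copy the options so the caller's object is not mutated.
      return postFn({ ...input, message: escapeHtml(input.message ?? "") });
    }
    return postFn(escapeHtml(input ?? ""));
  };
}

// Constructed stand-in renderer: records the markup that would be inserted.
function recordingPost() {
  const rendered = [];
  const post = (arg) => {
    rendered.push(typeof arg === "object" ? arg.message : arg);
    return rendered[rendered.length - 1];
  };
  post.rendered = rendered;
  return post;
}

function demo() {
  const sink = recordingPost();
  const safePost = makeSafePost(sink);
  safePost('<script>alert("foo");</script>');                  // string form from the report
  safePost({ message: "<b>5 > 3 & 'ok'</b>", type: "info" });  // object form (constructed)
  return sink.rendered;
}

console.log(demo());
```

Escape in exactly one layer: if the library's own escaping referred to in #86 is enabled, wrapping the call as well encodes the text twice and users see literal `&lt;` sequences.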