Current behavior:
Now that we allow the app to load code from anywhere, the server can send HTML code that loads external script files.
Desired behavior:
On the client we need to remove the following script pattern from any string that might be handled as HTML, prior to the use of jQuery's html() function:
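One way to do this stripping on the client, as an added example that is not the project's own code. It assumes the pattern meant is any `<script>` element; `stripScriptElements` and the sample strings in the comments are hypothetical.

```javascript
// Added example: remove <script> elements from a server-supplied string
// before it is handed to jQuery's html(). All names here are hypothetical.

// A complete element: opening tag, any content, closing tag.
// Case-insensitive, and tolerant of attributes or whitespace in either tag.
const CLOSED_SCRIPT = /<script\b[^>]*>[\s\S]*?<\/script\b[^>]*>/gi;

// An opening tag that is never closed. An HTML parser treats the rest of
// the string as script content, so everything from the tag onward is dropped.
const OPEN_SCRIPT = /<script\b[\s\S]*$/i;

function stripScriptElements(html) {
  let current = String(html);
  let previous;
  // Repeat until stable: deleting one match can splice a new "<script"
  // together out of the text that stood on either side of it.
  do {
    previous = current;
    current = current.replace(CLOSED_SCRIPT, '');
  } while (current !== previous);
  // Whatever "<script" is left at this point has no closing tag.
  return current.replace(OPEN_SCRIPT, '');
}

// Intended call site (jQuery, in the browser):
//   $(target).html(stripScriptElements(serverString));
//
// Constructed inputs and what they become:
//   '<p>Hello</p><script src="https://cdn.example.invalid/a.js"></script><b>ok</b>'
//       becomes '<p>Hello</p><b>ok</b>'
//   '<scr<script></script>ipt src=//example.invalid/a.js></scr<script></script>ipt>done'
//       becomes 'done' (the second pass removes the re-assembled tag)
```

This covers `<script>` elements only; other markup in the string passes through unchanged.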