Open IanHuntress opened 8 years ago
Please don't use Dropbox for resources
Also please rebase so it can be merged
Remove chat demo line from readme
I don't really understand how to tell if everything is OK, but it seems like the rebase worked since this issue claims to be "up-to-date." If I've done something dumb, directions to docs/tutorials would be much appreciated. (Also, rebase is cool.)
Has this been tested for XSS attacks?
Based on this list of rules for XSS security: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet it seems I have broken those rules in the chat feature. However, I am also unable to exploit anything I've read about here: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) to cause undesired behavior. If you can direct me to something else that I should read (or an exploit that I missed) about this, I am interested.
On Sat, Feb 20, 2016 at 7:24 AM, John McLear notifications@github.com wrote:
Has this been tested for XSS attacks?
Hi, we are some RPI students trying to contribute to draw.js for a class. We attempted to duplicate the chat we saw in the etherpad-lite based on issue #22. We are new at this, so please tell us what you think.
-Thanks
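On the XSS question raised in this thread, the following is an added example, not code from this pull request or from draw: a chat-line renderer that interpolates user text directly, beside one that encodes it for HTML element content, plus a small audit that reports which sample messages inject extra tags. All function names and the sample messages are hypothetical and constructed for illustration.

```javascript
// Added example; escapeHtml, renderChatLine* and auditRenderer are hypothetical names.

// Characters that are significant in HTML element content and quoted attributes.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: user-controlled values go straight into markup.
function renderChatLineUnsafe(author, text) {
  return `<p><b>${author}:</b> ${text}</p>`;
}

// Hardened: every user-controlled value is encoded before interpolation.
function renderChatLine(author, text) {
  return `<p><b>${escapeHtml(author)}:</b> ${escapeHtml(text)}</p>`;
}

// The template itself contributes exactly four tags: <p>, <b>, </b>, </p>.
const TEMPLATE_TAGS = 4;

function tagCount(html) {
  return (html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || []).length;
}

// Constructed sample chat messages, including markup and special characters.
const SAMPLE_MESSAGES = ['hello', '<em>styled</em>', 'a < b && c > "d"', "it's"];

// Returns the sample messages whose rendered output contains more tags than
// the template provides, i.e. messages that were treated as markup.
function auditRenderer(render, samples = SAMPLE_MESSAGES) {
  return samples.filter((msg) => tagCount(render('tester', msg)) !== TEMPLATE_TAGS);
}

console.log('unsafe renderer leaks markup for:', auditRenderer(renderChatLineUnsafe));
console.log('hardened renderer leaks markup for:', auditRenderer(renderChatLine));
```

In a browser, assigning the message to an element's `textContent` instead of building an HTML string has the same effect without a hand-written encoder.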