antirez / lamernews

Lamer News -- an HN style social news site written in Ruby/Sinatra/Redis/JQuery
http://lamernews.com

Fix XSS injection #103

Closed seppo0010 closed 13 years ago

seppo0010 commented 13 years ago

Reported on http://lamernews.com/news/439

antirez commented 13 years ago

Thanks for the fix. The XSS is not exploitable since the non-escaped username is only shown to the user that created the malicious username.