This is my first attempt at a pull request, not sure how this will work.
Anyway, I have a commit in my fork repo which moves the URL creation (Note ID generation) from the client to the server side. This is more secure because there is less client input being processed. Also, with the ID generation on the client side it was possible to make up URLs like robot.txt and such and also to overwrite existing notes. Also on the server side you can avoid note URL collisions.
This is my first attempt at a pull request, not sure how this will work. Anyway, I have a commit in my fork repo which moves the URL creation (Note ID generation) from the client to the server side. This is more secure because there is less client input being processed. Also, with the ID generation on the client side it was possible to make up URLs like robot.txt and such and also to overwrite existing notes. Also on the server side you can avoid note URL collisions.