Hi @s-u, requesting your review on this fix we discussed last week.
I cleaned it up slightly by sanitizing the output rather than the inputs. Although notebook.R can `return()` other errors, I don't think they are vulnerable to XSS. I haven't reviewed the other scripts, but I would propose fixing them the same way.
I bet there is a better way to do multiple replacements but I didn't find it.