brettcs
commented
10 years ago Read the full commit message, it explains all the details. I agree that it's not ideal, and there are other solutions we could consider, but the alternatives were bigger and I wasn't sure what direction would be best. I went with this one as the simplest.
dontcallmedom
This pull request fixes XSS vulnerabilities and ways to crash the script. See individual commit messages for more details.