Closed moollaza closed 6 years ago
Is this just for parity with prod? Who but the dev running duckpan would execute one of these?
@zachthompson yes, for parity with Prod. Without this, you'd see breakage inside DuckPAN for queries containing </script>
We've made similar internal changes as a means of preventing XSS for now.
This enables us to no longer require Goodie output to be encoded with html_enc. The production changes are already live. Now we just need to clean up all the Goodies 😄
/cc @mintsoft @GuiltyDolphin