hoodiehq-archive / documentation

⛔️ deprecated. Moved to hoodiehq/hoodie/docs
https://hoodie.readthedocs.io

Update sample code so it is HTML-injection-safe #197

Closed mheiber closed 8 years ago

mheiber commented 8 years ago

Fixes #196

Uses $.text() instead of $('<li>' + unsafeContent + '</li>'); so the tutorial doesn't encourage practices that are vulnerable to cross-site scripting.

See Cross-Site Scripting Prevention Cheat Sheet
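
The difference between the two patterns named in the description above, as an added example that is not part of this pull request or the Hoodie documentation. It runs in Node without a DOM, so `escapeText` stands in for what assigning content as text does in a browser; all function names and sample inputs are constructed for illustration.

```javascript
// Added example; function names and sample inputs are hypothetical.

// Pattern the PR replaces: untrusted text concatenated into markup,
// as in $('<li>' + unsafeContent + '</li>'). Any tags in the input
// are parsed as real elements.
function renderUnsafe(unsafeContent) {
  return '<li>' + unsafeContent + '</li>';
}

// Models content assigned as text (jQuery's .text(value) inserts a text
// node, not markup): when serialized, &, < and > appear as entities.
function escapeText(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

function renderSafe(unsafeContent) {
  return '<li>' + escapeText(unsafeContent) + '</li>';
}

// Crude check: how many element start tags would a parser see?
function countStartTags(markup) {
  const matches = markup.match(/<[a-zA-Z][^>]*>/g);
  return matches ? matches.length : 0;
}

// Constructed inputs: plain text, text with special characters,
// and text that carries its own element with an event handler.
const samples = ['Buy milk', 'Tom & Jerry <3', '<img src=x onerror=alert(1)>'];

function compare(inputs) {
  return inputs.map(function (input) {
    return {
      input: input,
      unsafeTags: countStartTags(renderUnsafe(input)),
      safeTags: countStartTags(renderSafe(input)),
    };
  });
}

console.log(compare(samples));

// Browser equivalent of renderSafe with jQuery (list is an assumed element):
//   $('<li>').text(unsafeContent).appendTo(list);
```

Only the third input changes the element count under concatenation: the list item gains a child element that the author of the page never wrote.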

mheiber commented 8 years ago

Whoops! Sorry about that.

gr2m commented 8 years ago

Looks good, thanks!