Closed vmarmol closed 11 years ago
When the user alters the "First Name" or "Last Name" fields, then the sv email address and the andrew email address are updated; however, they are not checked.
Which would you recommend? Option 1 - change onblur() to onchange(), or Option 2 - alter function update_twiki_and_email() to include a call to check_email and add_at_andrew_dot_cmu_dot_edu?
I also have the same comment when we autopopulate the fields with a query such as
localhost:3000/people/new?first_name=Todd&last_name=Sedano&webiso_account=at33@andrew.cmu.edu&is_student=true&program=ECE&expires_at=2013-01-01
I'm guessing on document load would be a good time to detect this?
Note: if you do another pull request, I've refactored two of your methods to make the meaning slightly more explicit for future code readers.
Todd,
Defect: Unescaped fields for HTML output in lib/HUB_class_roster_handler.rb's roster_change_message.
Resolution: Escape all fields.
Thank you! Team Procrastinators
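
The defect and resolution reported above, sketched as an added example. This is not the project's code: the `roster_message_*` functions, the `Change` struct and its fields are hypothetical, and the sample data is constructed.

```ruby
require "erb"

# Hypothetical stand-in for a roster change notice; the field names
# (course, added, dropped) are assumptions, not the project's code.
Change = Struct.new(:course, :added, :dropped)

# "Before" shape of the defect: fields are interpolated into HTML as-is,
# so any markup in a name or course title becomes part of the page.
def roster_message_unescaped(change)
  items = change.added.map { |name| "<li>#{name}</li>" }.join
  "<h3>#{change.course}</h3><ul>#{items}</ul>"
end

# "After": every field passes through html_escape at the point of output,
# including fields that are not expected to contain markup.
def roster_message_escaped(change)
  esc = ->(value) { ERB::Util.html_escape(value.to_s) }
  added = change.added.map { |name| "<li>#{esc.call(name)}</li>" }.join
  dropped = change.dropped.map { |name| "<li>#{esc.call(name)}</li>" }.join
  "<h3>#{esc.call(change.course)}</h3>" \
    "<p>Added</p><ul>#{added}</ul>" \
    "<p>Dropped</p><ul>#{dropped}</ul>"
end

# Constructed sample input: a benign name, a name carrying markup,
# a name with quotes, and a course title with an ampersand.
SAMPLE = Change.new(
  "Foundations & Practice",
  ["Todd Sedano", "<b>Pat</b> O'Neil"],
  ["Sam \"Q\" Lee"]
)

if __FILE__ == $PROGRAM_NAME
  puts roster_message_unescaped(SAMPLE)
  puts roster_message_escaped(SAMPLE)
end
```
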