bambams
commented
9 years ago For reference, the offending commit was https://github.com/s-aska/p5-Plack-Session-State-URI/commit/fe608a6d6dcf5664adb70b8753a5d788dcc887e5.
Closed bambams closed 9 years ago
bambams
commented
9 years ago For reference, the offending commit was https://github.com/s-aska/p5-Plack-Session-State-URI/commit/fe608a6d6dcf5664adb70b8753a5d788dcc887e5.
My tidying up apparently led to a regression that removed the injected <input> from <form> tags.
Doh! Evidently this module needs many more tests. :) Ironically it was my HTML test program that detected this... Perhaps I can work on adding additional tests in the future. Sorry for the confusion and trouble! I can't believe I missed this. I'm actually sure that I caught this earlier, but it must have gotten lost in rebasing or something... Who knows.
Append: It appears that GitHub doesn't escape HTML... That seems... bad. Instead they seem to strip it out (so you can't see the <script> tag that I attempted to inject before this sentence). I guess there's nothing to fear, but it seems pretty damn incompetent. Like Microsoft quality...