sorenrehkopf / custom-rick-roll


XSS Injection #4

Closed Meaxis closed 4 years ago

Meaxis commented 4 years ago

You can easily inject XSS into fields. I (or anyone) could get the IP or crash anyone's browser with this.

sorenrehkopf commented 4 years ago

You are very right. As mentioned in another issue, this was a hobby project I made a few years back and was not really aware that anyone had been using it until recently. I'll add some XSS scrubbing for those fields in the near future.

Not that there's any personal data involved with the site. There is actually no data persisted anywhere besides what people type in the fields being persisted in the generated HTML for 72 hours.

Still a good call to scrub for sure though.

sorenrehkopf commented 4 years ago

Scrubbing added. Thanks for calling it out!
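The fix the thread refers to is contextual output encoding: values typed into the fields are HTML-escaped before being written into the generated page, so stored markup renders as text. The following is an added example written for this issue, not code from the custom-rick-roll project; the field names, the template and the sample input are assumptions.

```javascript
// Added example (not code from the custom-rick-roll project): HTML-escape
// user-supplied field values before they are persisted into generated HTML,
// which is the "scrubbing" the issue describes. Field names are assumptions.

// Every character that can change HTML structure or close an attribute is
// mapped to its entity form. Escaping happens at output time, so the raw
// value itself never has to be altered or stored differently.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: fields are interpolated verbatim, so a field containing markup
// becomes live markup in the generated page (the bug reported above).
function renderUnsafe(fields) {
  return `<h1>${fields.title}</h1><p>${fields.message}</p>`;
}

// After: every field passes through escapeHtml, so the browser shows the
// text literally instead of parsing it as HTML.
function renderSafe(fields) {
  return `<h1>${escapeHtml(fields.title)}</h1><p>${escapeHtml(fields.message)}</p>`;
}

// Constructed sample input: a message field carrying a script tag, plus a
// title with quotes to show attribute-breaking characters are covered too.
const SAMPLE_FIELDS = {
  title: 'Hello "World"',
  message: '<script>alert(1)</script>',
};

// Detection helper for a quick regression check of the persisted HTML:
// a correctly escaped page contains no raw "<script" sequence.
function containsRawScriptTag(html) {
  return /<script/i.test(html);
}

console.log('unsafe:', renderUnsafe(SAMPLE_FIELDS));
console.log('safe:  ', renderSafe(SAMPLE_FIELDS));
```

Run the check over each page the site generates; any stored page for which containsRawScriptTag returns true was rendered without the escaping step.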