Open asch3ron opened 7 years ago
Hi @asch3ron, I hope you solved your problem. I just stumbled into this issue and I wanted to let you know that this is probably both a bug in the library and a security hole in your application, specifically persistent XSS. Input from the user should always be sanitised. Imagine if a user enters as her name <script src="url_of_malicious_code"></script>! The script will run for every user that sees the malicious user's name in any page and very bad things can happen. Or maybe I am just being paranoid...
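Added example, not part of the thread and not the library's code: one way to handle the risk raised in the comment above is to HTML-encode player names when they are written into a page, so that both names from this issue end up as text inside the cell. The helper names (escapeHtml, renderScoreRow, cellText) and the scores are assumptions made for illustration.

```javascript
// Added example: encode player names on output so markup in a name is text.
// All helper names are hypothetical; the sample rows are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const HTML_UNESCAPES = Object.fromEntries(
  Object.entries(HTML_ESCAPES).map(([ch, entity]) => [entity, ch])
);

// Encode the five characters that can change HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Single-pass decode, so "&amp;lt;" becomes "&lt;" and is not decoded twice.
function unescapeHtml(text) {
  return text.replace(/&(?:amp|lt|gt|quot|#39);/g, (entity) => HTML_UNESCAPES[entity]);
}

// Render one report row; the name is encoded in the attribute and in the text.
function renderScoreRow(player) {
  const name = escapeHtml(player.name);
  return `<tr><td title="${name}">${name}</td><td>${Number(player.score)}</td></tr>`;
}

// Read the name back out of a rendered row. Because the name was encoded,
// the cell body contains no "<" and the original string is recovered exactly.
function cellText(rowHtml) {
  const match = /<td[^>]*>([^<]*)<\/td>/.exec(rowHtml);
  return match ? unescapeHtml(match[1]) : null;
}

// Constructed sample data: the two names quoted in this issue.
const samplePlayers = [
  { name: '<:::::::::::::)=o', score: 3 },
  { name: '<script src="url_of_malicious_code"></script>', score: 0 },
];

for (const player of samplePlayers) {
  const row = renderScoreRow(player);
  console.log(row);
  console.log('round trip ok:', cellText(row) === player.name);
}
```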
Hello,
I'm parsing some game reports, and players can choose their own name. (here it's <:::::::::::::)=o)
Results:
The <td><:::::::::::::)=o</td> is missing. Is that a known bug?
Thanks,