Closed micolous closed 9 years ago
Still two open things here;
There's more than case sensitivity that is an issue for the Zookeepr schema -- unfortunately it is not that simple.
The webchat blocks navigation if logged in, but not if it is not logged in.
The formatting things are replaced with a much saner implementation in JavaScript directly, and now calls .text instead of .html. This means that the event feed no longer has potential for HTML injection issues, because we don't actually bother to sanitise that input data.
> There's more than case sensitivity that is an issue for the Zookeepr schema -- unfortunately it is not that simple.

Let's worry about getting Zookeepr fixed another time.

> The formatting things are replaced with a much saner implementation in JavaScript directly, and now calls .text instead of .html. This means that the event feed no longer has potential for HTML injection issues, because we don't actually bother to sanitise that input data.

We trust data from zookeepr and we generate ourselves. We also have no "user data" to steal, so injection isn't really an issue. I'm going to merge this, but we should probably look at rolling back this bit.
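
The .text versus .html distinction discussed in this thread, as an added example that is not code from the pull request or the project. It models a text sink without a DOM so it runs under Node; the link formatting rule, the function names and the sample feed are assumptions, since the thread does not say what formatting the event feed applies.

```javascript
// Added example, not code from the pull request. Runs in Node without a DOM.

// Serialised form of a text node: what a .text()-style sink produces.
function escapeText(s) {
  return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Attribute values additionally need the double quote escaped.
function escapeAttr(s) {
  return escapeText(s).replace(/"/g, "&quot;");
}

// Hypothetical formatting step: turn http(s) URLs into links and treat everything
// else as text. Markup is built by the code, never taken from the input.
function formatMessage(message) {
  const urlPattern = /(https?:\/\/[^\s<>"']+)/g;
  return String(message)
    .split(urlPattern) // the capture group keeps the URLs at odd indexes
    .map((part, i) =>
      i % 2 === 1
        ? '<a href="' + escapeAttr(part) + '" rel="noopener">' + escapeText(part) + "</a>"
        : escapeText(part))
    .join("");
}

// Audit helper: feed entries whose rendering depends on which sink is used,
// i.e. entries an .html()-style sink would parse as markup or entities.
function entriesAffectedBySink(feed) {
  return feed.filter((ev) => escapeText(ev.message) !== String(ev.message));
}

// Constructed sample feed (not real event data).
const sampleFeed = [
  { id: 1, message: "Keynote starts in 10 minutes" },
  { id: 2, message: "Slides: https://example.org/talk?id=7" },
  { id: 3, message: "Room change <script>alert(1)</script>" },
];

for (const ev of sampleFeed) {
  console.log(ev.id, formatMessage(ev.message));
}
console.log("sink-dependent ids:", entriesAffectedBySink(sampleFeed).map((ev) => ev.id));
```

Running the audit helper over stored feed data before switching sinks in either direction shows which entries would change appearance.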