I'm not 100% sure but it kind of feels like words aren't being properly escaped in the SQL queries. Putting a
'or 1=1;
on a line seems to pretty consistently mess things up and/or crash the app for me. I was looking in the Editor.js files and it kind of looks like there is just raw string interpolation happening in the queries but I'm not sure. Super cool app though :) I really like it so far.