HenrikJoreteg/ICanHaz.js

Escaping is not up to date

olmaga opened this issue · 2 comments

Hi

Mustache has updated the escaping of the values, which is quite important and insecure at the moment

Would love if you would take it into trunk!

See the mustache issue: janl/mustache.js#58

Greets

Thanks for the heads up... any thoughts on which commit to include?

The funny thing is my co-worker @natevw rewrote mustache.js and was actually asked by janl to potentially take over the project. I may actually use his version for ICH. But, yeah, it needs an update either way. I'll try to pin him down this week to figure out where his branch is at.

I know this is old, but I just wanted to let you know there's a new version in the "module" branch that I'll be merging to master once it's a bit more tested. It also includes a version that doesn't bundle mustache at all so you can bring your own. Hope that helps (sorry it took FOR-EVER to get this in there). Cheers!

p.s. Here's the "module" branch: https://github.com/andyet/ICanHaz.js/tree/module