Hei! Nice catch! I like it!

But as I don’t save anything in the DB and do not provide permanent links, it’s a completely stateless app — how can you damage anyone but yourself? Do you have an example of a possible damage use case, and why do you think it’s still an issue I should fix?

I didn’t pay attention to JS/HTML injection because of the stateless nature of the app.

Thank you!

I write about practical and effective techniques that help me and my colleagues in everyday software development and testing.
