Hei! Nice catch! I like it!

But as I don’t save anything in the DB and do not provide permanent links, it’s a completely stateless app — how can you damage anyone but yourself? Do you have an example of a possible damage use case, and why do you think it’s still an issue I should fix?

I didn’t pay attention to JS/HTML injection because of the stateless nature of the app.

Thank you!


I write about practical and effective techniques that help me and my colleagues in everyday software development and testing.

Alexey Sotskov
