GitHub user robertkowalski commented on the pull request:
https://github.com/apache/couchdb-fauxton/pull/36#issuecomment-52943396
Hi @thriqon,
awesome stuff! Just a small issue that I found before I merge:
We recently had an XSS issue in Fauxton and decided to prefer `<%-`
(escaped) over `<%=` (unescaped) input where no HTML rendering is needed.
Could you change that?
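The difference between the two delimiters mentioned in the comment above, as an added example that is not part of the original message or of Fauxton's code. It assumes Underscore-style template semantics (`<%-` escapes, `<%=` inserts raw); `render`, `escapeHtml`, `findRawInterpolations` and the sample data are hypothetical names and constructed values, and the renderer is a simplified stand-in, not the real template engine.

```javascript
// Simplified stand-in for an Underscore-style template engine (assumption:
// `<%- x %>` HTML-escapes the value, `<%= x %>` inserts it unchanged).
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
};

function escapeHtml(value) {
  return String(value == null ? '' : value)
    .replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Render `<%- path %>` (escaped) and `<%= path %>` (raw) against a data object.
function render(template, data) {
  return template.replace(/<%([-=])\s*([\w.]+)\s*%>/g, (_, mode, path) => {
    const value = path.split('.')
      .reduce((obj, key) => (obj == null ? obj : obj[key]), data);
    return mode === '-' ? escapeHtml(value) : String(value == null ? '' : value);
  });
}

// Review helper: list every raw `<%=` interpolation with its line number,
// so each one can be checked for whether HTML rendering is really needed.
function findRawInterpolations(template) {
  const hits = [];
  template.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(/<%=\s*([^%]*?)\s*%>/g)) {
      hits.push({ line: i + 1, expression: m[1] });
    }
  });
  return hits;
}

// Constructed sample: a document name containing markup.
const doc = { name: '<img src=x onerror="alert(1)">' };
const rawTemplate = '<td><%= name %></td>';
const escapedTemplate = '<td><%- name %></td>';

console.log(render(rawTemplate, doc));      // markup reaches the DOM as markup
console.log(render(escapedTemplate, doc));  // markup is shown as inert text
console.log(findRawInterpolations('<h1><%- title %></h1>\n' + rawTemplate));
```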