Chat feature

[IanHuntress]

Hi, We are some RPI students trying to contribute to draw.js for a class.
We attempted to duplicate the chat we saw in the etherpad-lite based on issue #22.
We are new at this, so please tell us what you think.

-Thanks

[JohnMcLear]

Please don't use dropbox for resources

Also please rebase so it can be merged

Remove chat demo line from readme

[IanHuntress]

I don't really understand how tell if everything is ok, but It seems like the rebase worked since this issue claims to be "up-to-date." If I've done something dumb, directions to docs/tutorials would be much appreciated. (also, rebase is cool)

[JohnMcLear]

Has this been tested for XSS attacks?

[IanHuntress]

Based on this list of rules for XSS security:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
It seems I have broken those rules in the chat feature.
However, am also unable to exploit anything I've read about here:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
to cause undesired behavior.
If you can direct me to something else that I should read (or an exploit
that I missed) about this, I am interested.

On Sat, Feb 20, 2016 at 7:24 AM, John McLear [email protected]
wrote:

Has this been tested for XSS attacks?

—
Reply to this email directly or view it on GitHub
#209 (comment).