Obligatory suggestion to developers who use this: Don't copy&paste reuse that cu... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		neilv 8 months ago \| parent \| context \| favorite \| on: Display any CSV file as a searchable, filterable, ... Obligatory suggestion to developers who use this: Don't copy&paste reuse that custom formatting code from the demo for arbitrary CSV, since the code inserts arbitrary strings into both HTML attribute value and CDATA contexts, without escaping special characters. `return "<a href='" + link + "' target='_blank'>" + link + "</a>";`

rafaelgoncalves 8 months ago [–]

the creator even acknowledged the risk in the sample... but i do not understand why not create a more secure sample first time? since people will absolutely copy to test.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact