Brock Whittaker 7f5703a21f Prevent HTML from being pasted into the stream name/description box. ...

This prevents users from either dragging formatted markup into content
editable boxes or pasting it in. This uses the “input” event rather
than “paste” because “paste” does not have the end result of the
contents whereas “input” does.

This is not a security vulnerability as it may seem. Processing on the
backend sanitizes input if it contains HTML.

2017-02-17 12:01:24 -08:00

22 KiB

Raw Blame History

View Raw