Remix clone Hacker News

new | show | ask | jobs Github

	▲	MajesticHobo2 3 days ago
		I'd say also add a test that shows the HTML injection (which spurred the PR) isn't possible. Given an attacker-controlled URL of: `foo onclick` the following shouldn't render: `<a class="item muted sidebar-item-link" href=foo onclick>` The following should: `<a class="item muted sidebar-item-link" href="foo onclick">`
	▲	kstrauser 3 days ago \| parent [-]
		Oh, for sure! That'd end the conversation: "your change breaks the existing tests. Fix that and we'll re-consider."