Captain's Log: 2013.09.09
- I went solo tonight since Vyki had to take the night off
- Sick with fever/cold! But must keep going...
- Captain Kurt gave me some pair programming interview tips
- Finally merged `caching-support-for-preview` into master, 3 weeks after opening the PR
- Created `sanitize-url-for-preview` branch
  - We need to make sure oneboxes don't allow cross-site scripting, aka XSS
- Added tests to `Engine` spec
  - Returns onebox wrapper
  - Doesn't allow XSS injection
- Added tests to `Onebox` spec
  - No triple braces in Handlebars templates - this escapes values
  - No JavaScript - `<script` tags or attributes like `onclick`, `onload`, etc.
- Fixed Wikipedia onebox template to not use triple braces
- Ready for Vyki to merge
- We're now ready for 1.0.0 release! Now to do it together...
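
The two `Onebox` spec checks listed above (no triple braces, no inline JavaScript) can be expressed as a small template linter. This is an added example, not code from the Onebox gem; the `TemplateLint` module and both sample templates are constructed for illustration.

```ruby
# Added example: line-by-line lint of Handlebars-style templates.
# TemplateLint is a hypothetical name, not part of the Onebox gem.
module TemplateLint
  RULES = {
    # {{{value}}} renders the value without HTML escaping
    triple_brace:  /\{\{\{.*?\}\}\}/,
    # an opening <script tag anywhere in the template
    script_tag:    /<\s*script\b/i,
    # inline handlers such as onclick= or onload= inside a tag
    event_handler: /<[^>]*\son[a-z]+\s*=/i
  }.freeze

  # Returns [[line_number, rule], ...] for every rule a line trips.
  def self.violations(source)
    source.each_line.with_index(1).flat_map do |line, number|
      RULES.select { |_, pattern| line.match?(pattern) }
           .keys
           .map { |rule| [number, rule] }
    end
  end

  def self.safe?(source)
    violations(source).empty?
  end
end

# Constructed sample: trips all three rules.
UNSAFE_TEMPLATE = <<~HBS
  <div class="onebox">
    <h1><a href="{{url}}" onclick="track()">{{title}}</a></h1>
    <p>{{{summary}}}</p>
    <script src="{{url}}"></script>
  </div>
HBS

# Constructed sample: double braces only, no inline JavaScript.
SAFE_TEMPLATE = <<~HBS
  <div class="onebox">
    <h1><a href="{{url}}">{{title}}</a></h1>
    <p>{{summary}}</p>
  </div>
HBS

if __FILE__ == $PROGRAM_NAME
  TemplateLint.violations(UNSAFE_TEMPLATE).each do |number, rule|
    puts "line #{number}: #{rule}"
  end
  puts "safe template passes: #{TemplateLint.safe?(SAFE_TEMPLATE)}"
end
```

A spec can run `TemplateLint.violations` over every template file and fail on a non-empty result, so a new onebox cannot reintroduce unescaped output unnoticed.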