Susan Aronson

Susan Aronson Plus

This apparently allows for an XSS attack:

Would you mind changing this so json is served as application/json instead of text/html?

This will have the nice side effect of allowing developers to auto-detect the format of the response based on the content-type header.


Brad Dougherty

Brad Dougherty Staff

Sorry! It got commented out for some reason. I'll get that fixed later today.

This conversation is missing your voice. Please join Vimeo or log in.