Hi all, I'm the one who created the vulnerability (and ultimately fixed it). I'm open to constructive questions.
To all those who cringe, please consider that this code was written while I was learning Angular--and javascript, and html and css, for that matter--while I was still working as a financial professional in a Big 4 accounting firm. Times have changed: I've learned a lot from earlier mistakes and now work as a full-stack developer with Auth0.
Unfortunately, much of the code-base in production Plunker dates from the time when I was new to this whole field and demonstrates two important things:
1. A case-study on inconsistent code style and anti-patterns.
2. Something useful to the community can be produced despite #1.
To all those who cringe, please consider that this code was written while I was learning Angular--and javascript, and html and css, for that matter--while I was still working as a financial professional in a Big 4 accounting firm. Times have changed: I've learned a lot from earlier mistakes and now work as a full-stack developer with Auth0.
Unfortunately, much of the code-base in production Plunker dates from the time when I was new to this whole field and demonstrates two important things:
1. A case-study on inconsistent code style and anti-patterns.
2. Something useful to the community can be produced despite #1.
I co-presented the following talk at ng-conf 2015 that explains this philosophy pretty well: https://www.youtube.com/watch?v=hYXEuQZMLSM