Hacker News

But you can totally audit the PHP code. There honestly isn't that much of it, and absolutely none of it takes user input. I'd be way more concerned if this was a Rails or Django app, because then there would be lots of library code to worry about.



It doesn't take input from the user, but it does use untrusted input in a way that allows XSS. See https://news.ycombinator.com/item?id=7128442 .



