We actually already do that with our API version of the plugin. We're currently working on a new plugin which should deprecate our old JavaScript version.
Affects Django users with 'USE_I18N' set to True and the LocaleMiddleware activated. Fix prevents a potential DoS attack from a malformed HTTP request.
Any domain cookies for .bigheadlabs.com are vulnerable, which could be a real problem (WordPress admin maybe?).
Domains are so cheap now that I almost always buy one for every project (even hacks) these days, partially just to isolate potential XSS issues.
I didn't mean to imply anything disparaging towards you; this kind of annoying stuff pops up even at Google. It's so easy to miss a spot, especially on quick hacks.
Thanks for creating that site, it's an awesome contribution.
The nice thing about these web frameworks is that it makes rapid prototyping easy, and in doing so, it does things which may seem "magical". I would recommend that one should gain a certain level of understanding of what's going on behind the scenes. In doing so, it won't be as "magical" after all.
'... would recommend that one should gain a certain level of understanding of what's going on behind the scenes ...'
The upside of this is you work less & do things faster because there is a lot of functionality pre-built. Solutions become a lot simpler because you are utilising more of the framework and less custom code, leaving more time to solve the real problems.