GitHub User: matthewrobertson
Site: http://matthewrobertson.org/
-
watch on iTunes
-
follow on Twitter
-
follow on Facebook
-
subscribe to RSS feed
I just want to point out that using eval to execute anything that comes over the channel is really insecure and opens you up to XSS attacks.
Also, Ryan forgot to delete the
FAYE_TOKENfrom outgoing messages in his Faye extension, so anyone who connects to his chat app could execute arbitrary code on all of the connected clients...