Matthew Robertson's Profile

GitHub User: matthewrobertson

Site: http://matthewrobertson.org/

Comments by Matthew Robertson

I just want to point out that using eval to execute anything that comes over the channel is really insecure and opens you up to XSS attacks.

Also, Ryan forgot to delete the FAYE_TOKEN from outgoing messages in his Faye extension, so anyone who connects to his chat app could execute arbitrary code on all of the connected clients...
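An added example, not part of the comment above and not code from the episode: a server-side extension written against Faye's `incoming`/`outgoing` extension interface that checks the shared token on publish and removes it before the message is delivered to subscribers. The `ext`/`auth_token` field names, the token value and the `relay` helper are assumptions made for illustration, and plain hashes stand in for Faye messages so the block runs without the gem.

```ruby
# Constructed placeholder secret; a real app would load this from configuration.
FAYE_TOKEN = 'constructed-example-token'

# Extension object exposing the two hooks Faye calls on every message.
class ServerAuth
  # Publishes must carry the shared secret; /meta/* protocol traffic is exempt.
  def incoming(message, callback)
    unless message['channel'].to_s.start_with?('/meta/')
      ext = message['ext']
      supplied = ext.is_a?(Hash) ? ext['auth_token'].to_s : ''
      message['error'] = 'Invalid authentication token' unless token_ok?(supplied)
    end
    callback.call(message)
  end

  # Strip the secret so it is never forwarded to connected clients.
  def outgoing(message, callback)
    ext = message['ext']
    if ext.is_a?(Hash)
      ext.delete('auth_token')
      message.delete('ext') if ext.empty?
    end
    callback.call(message)
  end

  private

  # Length check plus XOR accumulation, so comparison time does not
  # depend on how many leading bytes match.
  def token_ok?(supplied)
    return false unless supplied.bytesize == FAYE_TOKEN.bytesize
    supplied.bytes.zip(FAYE_TOKEN.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Hypothetical helper: pass one message through both hooks in the order a
# server would for a publish. A rejected message is not forwarded.
def relay(message)
  auth = ServerAuth.new
  result = nil
  auth.incoming(message, ->(m) { result = m })
  return result if result['error']
  auth.outgoing(result, ->(m) { result = m })
  result
end
```

Stripping the token closes the leak; the subscribing page should still treat `data` as data and render it as text rather than passing it to `eval`.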