Matthew Robertson's Profile

GitHub User: matthewrobertson

Site: http://matthewrobertson.org/

Comments by Matthew Robertson

I just want to point out that using eval to execute anything that comes over the channel is really insecure and opens you up to XSS attacks.

Also, Ryan forgot to delete the FAYE_TOKEN from outgoing messages in his Faye extension, so anyone who connects to his chat app could execute arbitrary code on all of the connected clients...
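The token leak described in the second comment, shown from the server side as an added example (not code from the episode, the commenter, or the Faye project): an extension using Faye's `incoming`/`outgoing(message, callback)` hooks that checks the token and removes it before the message is relayed. The class name `ServerAuth`, the `ext`/`auth_token` field names, the `relay` helper and the generated token value are assumptions made for illustration.

```ruby
require 'securerandom'

# Constructed secret for this example; the page only names it FAYE_TOKEN.
FAYE_TOKEN = SecureRandom.hex(16)

# Hypothetical extension in the shape Faye server extensions use.
class ServerAuth
  def incoming(message, callback)
    unless message['channel'].to_s.start_with?('/meta/')
      ext = message['ext'].is_a?(Hash) ? message['ext'] : {}
      unless secure_equal?(ext['auth_token'].to_s, FAYE_TOKEN)
        message['error'] = 'Invalid authentication token'
      end
      # Drop the secret once checked so it is never relayed to subscribers.
      ext.delete('auth_token')
      message.delete('ext') if ext.empty?
    end
    callback.call(message)
  end

  # Second line of defence: scrub again on the way out.
  def outgoing(message, callback)
    if message['ext'].is_a?(Hash)
      message['ext'].delete('auth_token')
      message.delete('ext') if message['ext'].empty?
    end
    callback.call(message)
  end

  private

  # Constant-time comparison so the check does not leak the token via timing.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Runs a message through both hooks, as the server would before relaying it.
def relay(message)
  auth = ServerAuth.new
  result = nil
  auth.incoming(message, ->(m) { auth.outgoing(m, ->(out) { result = out }) })
  result
end
```

Subscribers then receive only the channel and data fields, so a connected client never learns the publishing secret.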