Bankde Eakasit

Results 19 comments of Bankde Eakasit

If you say this case is found often, then I'm ok with the change. This PR looks straightforward and clear. I would love it if you added a unit test too, but we...

From Vishal's opinion, he's ok with using python3 and agrees that python2 won't be helpful soon. Also, most people might (or should start to) use python3 now. If you agree with...

Yes, we should. Could you please update a few lines? In readme.txt: `LinkFinder supports Python 2 & 3.` In linkfinder.py: `Line 2: # Python 2.7.x - 3.6.x` So I don't...

They look good. Thanks.

For minlength, I have seen some jQuery like this: `path = "api/" + endpoint;` A length limit would miss these findings. I'm still ok with a length limit; however, it's...

At what speed were those 75 messages sent? If they were sent really fast (within 30sec-1min, I don't know the exact threshold), it's likely that your account hit the spam/malware...

I think he means directly accessing the URL; e.g. an attacker sending the API link to the victim. This is a real possible case for an API that incorrectly returns `Content-Type: text/html`. I'm...

I have reviewed this issue a bit and here is my opinion. Current browsers consider the XML MIME type to be active content (thus executing JavaScript/XSS). There are also other contents...

"It is not input validation, it is an output encoding problem." We might both have the same idea but just from different perspectives. I personally think it is both....

By the way, I completely agree with @elarlang's concern. While I don't have an exact idea of a recommendation, I propose adding some general idea like this to the requirements:...