AA

Results 138 comments of AA

Yeap, I can replicate it. My bower file:

``` json
"dependencies": {
  "framework7": "1.0.6",
  "template7" : "1.0.5",
  "handlebars": "3.0.3",
  "requirejs" : "2.1.18",
  "text" : "2.0.14"
}
```

It's true. I mean

``` js
Dom7('body').html(Template7.compile('{{text}}')({text:'alert(1)'}))
```

Actually, the encoding should be used by default to prevent XSS-like attacks. You should pay attention to how other template engines like Jade, Handlebars and Fest use [OWASP practice](https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet).

Yep, you should up the major version )

Oh, shit. Try to use `access_token_verb`

@tqc, what about `expires_in`? How do you refresh the token without this field?

@vbuch,

```js
{
  mr: {
    auth_version: '2.0',
    authorize_url: 'https://o2.mail.ru/login',
    access_token_url: 'https://o2.mail.ru/token',
    revoke_token_url: 'https://o2.mail.ru/revoke',
    scopes: 'userinfo',
    callback_url: ({ app_name, client_id }) => {
      return 'xxx-oauth-callback://';
    }
  }
}
```

**Result** ```...

The problem is solved in accessTokenResponse of OAuthManagerModule.java:

```java
String callbackUrl = (String) cfg.get("callback_url");
if (callbackUrl == null) {
    callbackUrl = "http://localhost/" + providerName;
}
```

I would like the preprocessor to be oriented toward working with HTML entities. This is how I see adding classes and ids:

``` ruby
div#id.foo
  if true
    &.bar
  else
    &.baz
```

``` html
```

Without...

An addition to Egor's answer:

``` ruby
# inline block
@set __block1(title)
  ....

@set block2(title)
  @get __block1
  ....

@set block3(title)
  @get __block1
  ....

@export block1 as b-page1, block2 as b-page2
```