Max Veytsman

Results 19 comments of Max Veytsman

Folks, this is **really** bad. Listening only on localhost is not enough! Here's a [proof of concept](http://rawgit.com/mveytsman/6c54b52898bd17783629a17c8fc44a62/raw/17a3b463156281e84372d660d06c8ccaa4207c25/pwnelixir.html) that gets code execution from **any website** via a JavaScript XHR request to...

My only suggestion is to not use system time for the filename (https://github.com/tonini/alchemist-server/commit/bbd1d207724cbb5d730c672d9ce2cea6df096a08#commitcomment-23265073). Otherwise I think this is the correct solution.

I found a slightly more "elegant" fix. Since I know my API will _always_ return JSON, I can add the media type to `:service-available?` which is the first node on...

I think that's a great idea! @ordnungswidrig I take it you would accept a PR to that effect, or are these kinds of changes something you don't want to leave...

sigh I just spent 30 minutes reading through activemodel commit logs. ... no idea.

Thinking about this more, I disagree. We should have a schema to track other CVEs that a vulnerability refers to, but no reason to have 2 separate rubysec vulns for...

Agreed, it should be `cve`. For now, for this particular file we can stick with the osvdb number. It is high time we pick something else for file naming.

I'm pretty sure that this is fixed by https://github.com/phoenixframework/phoenix_live_view/commit/95d5c7ccd0ac66e04b15c7b6128d44b60767e682 ! @justincjohnson can you confirm that the issue no longer exists when you use LiveView from master?

@justincjohnson I think you're correct here! I think we *should* set `PHX_HAS_FOCUSED` when the element has focused as that seems to be the intent -- as opposed to changing the...

@justincjohnson As I said I do think there's an issue with not marking `PHX_HAS_FOCUSED` correctly, but I am having some trouble understanding the intentions of your code re-read your initial...