Is it still safe if you input <script>alert("wow");</script> in the message body??
It seems the body is raw.
Isn't that why we always want to use the controller's renderer, so that you can leave worries like this behind?
Yeah, you'll want to sanitize it. I can't cover everything in the series, so that's one you'll have to add in. Good catch, it'll be useful for anyone else following this to be aware of that.
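The difference the exchange above is about, as an added example that is not from the screencast or its author: the same message body interpolated raw and HTML-escaped. The template, method names and sample payload constant are assumptions made for illustration, and plain stdlib ERB is used so it runs without Rails.

```ruby
require "erb"

# Constructed sample input: the payload from the comment above.
PAYLOAD = '<script>alert("wow");</script>'

# Hypothetical message markup; `body` is untrusted user input.
# Plain ERB does not escape <%= %> output. Rails view rendering does
# by default, which is why rendering through a view is the safer path.
RAW_TEMPLATE = ERB.new('<div class="message"><p><%= body %></p></div>')
ESCAPED_TEMPLATE = ERB.new(
  '<div class="message"><p><%= ERB::Util.html_escape(body) %></p></div>'
)

# Body dropped into the markup unchanged: a browser that inserts this
# fragment into the page treats the tag as markup, not as text.
def render_raw(body)
  RAW_TEMPLATE.result_with_hash(body: body)
end

# Body escaped first: &, <, >, " and ' become entities, so the browser
# displays the characters instead of parsing them.
def render_escaped(body)
  ESCAPED_TEMPLATE.result_with_hash(body: body)
end

# Regression check a test suite could run on any fragment before it is
# sent to clients: true when a literal <script tag survived rendering.
def script_tag_survives?(fragment)
  fragment.match?(/<\s*script/i)
end

if __FILE__ == $0
  puts "raw:     #{render_raw(PAYLOAD)}"
  puts "escaped: #{render_escaped(PAYLOAD)}"
  puts "raw fragment carries a script tag:     #{script_tag_survives?(render_raw(PAYLOAD))}"
  puts "escaped fragment carries a script tag: #{script_tag_survives?(render_escaped(PAYLOAD))}"
end
```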