by anr13 1603 days ago
Thanks for the feedback.

The payload includes icons and SVG data that I am slowly removing to lower its size. The entire app is in the one block.

History management: the back button was added on request and based on mobile usage. It should be fine with the default browser button, but I will take a look.

The links I totally get; as everything is generated as it's needed, that can be changed over, and I will take a look at that.

The time is based on the server's time, as clients can be all over the place and I am not tracking where users are or their timezones. I have never seen times jump all over the place, so I will take a look, as the timestamp is provided in the same request as the data and should be updated as the content is loaded.

The inputs are sanitized and rendered as HTML characters. It just appears to be a bug with the render back to regular characters on edit, so that users don't see the HTML characters in the text input, but that would only do anything for the user who made the content. I will add rules to remove that type of tag server side also. For example, what you gave turns into:

<script>alert(1);</script>

It just turns back into normal characters when you bring it up to edit the input, as the one who set it.

I will use all this and make some changes. The links were not on my mind, mostly due to the expectation that it would mostly be used in an app capacity.
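The escaping behaviour discussed in this thread, as an added example that is not the app's own code: the stored text is HTML-escaped once, and the two render paths (display and edit) are shown side by side. The function names and the edit-view layout (a contenteditable div for the unsafe variant, an input value attribute for the safe one) are assumptions for illustration; the sample payload is the one quoted above.

```javascript
// Added example, not the original app's code: context-aware escaping of a
// stored comment for (a) display as text and (b) an edit form, and what goes
// wrong if the escaped text is "turned back into normal characters" while it
// is being written into markup. Function names and the edit-view layout are
// assumptions for illustration.

const ESCAPE_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPE_MAP[c]);
}

// Reverse of escapeHtml. "&amp;" is decoded last so "&amp;lt;" becomes
// "&lt;" rather than "<" (decoding it first would double-decode and
// reintroduce markup the user never typed).
function unescapeHtml(s) {
  return String(s)
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&");
}

// Display path: the stored (escaped) text goes into a text node. The browser
// shows the literal characters "<script>..." and runs nothing.
function renderDisplay(escapedText) {
  return `<p class="post">${escapedText}</p>`;
}

// Edit path, the bug pattern: unescape first so the author "sees normal
// characters", then splice the result into markup (assumed here to be a
// contenteditable div). The unescaped text is now live HTML in the page.
function renderEditUnsafe(escapedText) {
  return `<div contenteditable="true">${unescapeHtml(escapedText)}</div>`;
}

// Edit path, fixed: keep the escaped form inside a quoted value attribute.
// The HTML parser decodes the entities when it builds the input's value, so
// the author sees "<script>..." as plain text in the box, and nothing is
// ever tokenized as a tag. Setting element.value from script works the same.
function renderEditSafe(escapedText) {
  return `<input type="text" name="body" value="${escapedText}">`;
}

// Coarse check used below: does a raw "<script" sequence appear anywhere in
// the generated markup? Correctly escaped text can never produce one.
function containsRawScriptTag(html) {
  return /<script/i.test(html);
}

// Constructed sample: the payload quoted in the thread.
const raw = "<script>alert(1);</script>";
const stored = escapeHtml(raw); // what the server keeps

console.log("stored  :", stored);
console.log("display :", renderDisplay(stored), "| raw tag:", containsRawScriptTag(renderDisplay(stored)));
console.log("edit bad:", renderEditUnsafe(stored), "| raw tag:", containsRawScriptTag(renderEditUnsafe(stored)));
console.log("edit ok :", renderEditSafe(stored), "| raw tag:", containsRawScriptTag(renderEditSafe(stored)));
```

The point the example makes is that escaping is a property of the output context, not of the stored string: the same escaped value is correct in a text node and in a quoted attribute, and the only place it must never be unescaped is on its way into markup. Stripping particular tags server side, as the comment proposes, is a weaker secondary control than this, since it has to anticipate every tag and attribute a browser will act on.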