by xavel 4797 days ago
Doesn't look like this 'Derek' guy knows how to sanitize input properly: http://166.78.158.209/page?id=upolrzwhns

This is just sad.


LOL, don't be too serious; this is just a cute silly app made in half an hour :P
Not to worry, but sanitizing input literally takes no more than one additional function call (at least for php/ruby/python/perl/nodejs/java/c#/ocaml).

I can understand that this might be a hassle if you've written this app in COBOL, or some other word-heavy language. In which case, my most sincere condolences.

In fact, I wrote this in Erlang :P
Pretty impressive, I didn't know Erlang was suitable for web programming. :-)

Nonetheless, you really should make sure that input is sanitized. XSS attacks are a nasty thing.

Sanitising input takes one extra function call (or it should, depending on your language of choice), which will take about five seconds to write… so in half an hour, you should be able to sanitise your input 360 times.
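The "one extra function call" the thread is talking about, as an added example that is not code from the original post or from the Erlang app it discusses: the query-string value `id` from the linked URL is reflected into HTML, and the fix is to encode it at output time for each context it lands in (element text, attribute, URL), rather than trying to "sanitize" the input itself. Python is used here only because it is one of the languages listed in the thread; the page template and the sample value are constructed for this example.

```python
import html
from urllib.parse import urlencode

# Constructed sample: a query-string value of the kind the page reflects
# back into its HTML (the real app's value is not reproduced here).
SAMPLE_ID = '"><b>not an id</b>'

# Constructed page template: the value is used as text AND inside an href.
TEMPLATE = (
    "<html><body>"
    "<h1>Page {id}</h1>"
    '<a href="/page?{query}">permalink</a>'
    "</body></html>"
)


def render_unsafe(page_id: str) -> str:
    """The pattern the thread complains about: raw input pasted into markup."""
    return TEMPLATE.format(id=page_id, query="id=" + page_id)


def render_safe(page_id: str) -> str:
    """Same page, with output encoding applied per context:
    - html.escape(..., quote=True) for element text (also escapes " and ',
      so the same call is safe inside a quoted attribute);
    - urlencode() for the query string, then HTML-escaped again because the
      result sits inside an HTML attribute."""
    return TEMPLATE.format(
        id=html.escape(page_id, quote=True),
        query=html.escape(urlencode({"id": page_id}), quote=True),
    )


def contains_injected_markup(rendered: str) -> bool:
    """Detection helper for the test: did the user-controlled value turn into a
    new tag, or break out of the quoted href attribute?"""
    return "<b>" in rendered or '"><' in rendered
```

For a harmless value such as `plain` both renderers produce identical output; the encoded version only differs when the input contains characters that carry meaning in HTML or URLs.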