Cross-site scripting not mentioned in the tutorial
|Reported by:||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Am I right that you don't mention the problem of cross-site scripting in the tutorial? Let's say I would add a poll like this:
question: What does <script>alert("foo");</script> do?