Thread:Mfaizsyahmi/@comment-1171508-20151028174853

Hello Mfaizsyahmi,

We recently reviewed the Notiplus script you submitted. We didn't find any security vulnerabilities, but there are two things we'd like to make sure you're aware of:


 * 1) The Project:Notiplus page should probably be protected to prevent anyone from changing the notifications.
 * 2) There are several occasions where HTML is being prepended through the following method:  . While consent_text (and the other i18n strings) is a safe string, we'd prefer it if you use something like  . This makes reviewing the code easier as we don't have to trace back the source of the variable, as we can be sure it's being escaped properly.

Thank you. 
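
An added illustration of the second point, not part of the original message and not the Notiplus code: it contrasts markup built by string concatenation with markup where every interpolated value is escaped at the point of use, so a reviewer does not need to trace where the string came from. Only the name `consent_text` comes from the message; the function names and sample strings are constructed for this example.

```javascript
// Added example. Everything except the name consent_text is hypothetical.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Tagged template: the literal parts are markup written by the developer,
// every interpolated value is escaped, whatever its origin.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Pattern the review asks to avoid: whether this is safe depends entirely
// on where i18n.consent_text came from, which the reviewer has to trace.
function consentBannerConcat(i18n) {
  return '<div class="consent">' + i18n.consent_text + '</div>';
}

// Preferred pattern: the escaping is visible at the sink itself.
function consentBannerEscaped(i18n) {
  return html`<div class="consent">${i18n.consent_text}</div>`;
}

// Constructed sample strings: one plain, one that happens to contain markup
// (for instance because the string source later became editable).
const plainI18n = { consent_text: 'Show notifications from this wiki?' };
const markupI18n = { consent_text: '<a href="https://example.invalid/">click</a> & accept' };

// Plain text renders identically either way.
console.log(consentBannerConcat(plainI18n) === consentBannerEscaped(plainI18n));
// Concatenation lets the markup through as live HTML.
console.log(consentBannerConcat(markupI18n));
// The escaped form renders the same string as inert text.
console.log(consentBannerEscaped(markupI18n));
```

In a DOM context, assigning the string to an element's `textContent` gives the same guarantee without building an HTML string at all.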