I'm a long-time programmer, and always make sure that I sanitize my post data.
I was also running on the assumption that any data received from the Podio API would be clean.
But be careful. Podio can return dangerous data:
I just had an account sign up, where the organization name in Podio was
The user had an app called
'"><img src=x onerror=prompt(0);>
And the user's email address in Podio was
'"><img src=x onerror=prompt(0);>email@example.com
Needless to say, this can cause many issues.
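An added example, not part of the original post and not Podio's code: fields returned by a third-party API are treated as untrusted, encoded when written into HTML, and the email is checked against an allow-list pattern before use. The record is constructed from the values quoted above; `escapeHtml`, `isPlausibleEmail` and `renderAccountRow` are hypothetical names.

```javascript
// Constructed sample record using the app name and email quoted in the post.
const record = {
  appName: `'"><img src=x onerror=prompt(0);>`,
  email: `'"><img src=x onerror=prompt(0);>email@example.com`,
};

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for HTML element content and quoted attribute values.
// Not sufficient for script, style or URL contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Conservative allow-list check, deliberately stricter than RFC 5322:
// anything outside these characters is rejected rather than repaired.
function isPlausibleEmail(value) {
  return typeof value === 'string' &&
    value.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/.test(value);
}

// Hypothetical render helper: every API field is encoded at the point of
// output, and an address that fails validation is never echoed back.
function renderAccountRow(rec) {
  const email = isPlausibleEmail(rec.email) ? rec.email : '(invalid address)';
  return `<tr><td title="${escapeHtml(rec.appName)}">${escapeHtml(rec.appName)}</td>` +
         `<td>${escapeHtml(email)}</td></tr>`;
}

console.log(renderAccountRow(record));
```

Encoding happens at output time rather than when the API response is stored, so the same stored value can be encoded correctly for whichever context later renders it.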