I think the the patch to instances.js, while correct, is indicative of an underlying security design problem (we need to re-separate our html generation from our core code logic), but this ticket is not the place for that discussion.
Both patches look correct to me, I've asked Gabriel Hurley to take a look at the javascript issue.
I think the the patch to instances.js, while correct, is indicative of an underlying security design problem (we need to re-separate our html generation from our core code logic), but this ticket is not the place for that discussion.
Both patches look correct to me, I've asked Gabriel Hurley to take a look at the javascript issue.