Add a CSRF token in the calculator form. Avoid printing an unescaped error (which may contain JS).
Further to the security audit, two very easy wins:
- Include a CSRF token
- Escape the error message when invalid input is submitted
closes #131 (closed)