<p>Any text entered into the form should be escaped when presented back to users, and thus should prevent any javascript execution. I really wish these pentesters would have given some examples...</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>Reply to this email directly or <a href='https://github.com/opentechinstitute/commotion-apps/issues/12#issuecomment-24101251'>view it on GitHub</a>.<img src='https://github.com/notifications/beacon/HSS0tS4nfORw_XnPQF8f0aN3i5bXfhozh_5bDAr3Nkjt8P-rPFYD0S_1YZ1oaUjQ.gif' height='1' width='1'></p><img src="http://sgmail.github.com/wf/open?upn=uoQOw53Jnd2odJf4vBwXdWVdsaw-2BPa0VRjcdx3LMVfDGQFpzJGxPq26mNytqhJntKTYHUdZMUsuc-2BunSsBz43Qq5F89I49Av1-2BZCfXgGa9rpK-2BHbOqmZzCOEpDggG-2FcEy-2BDiGdmq4GLHFnMOHIfb1-2BeOJI47tZ4PxCiW-2BlaosJvVNPwqUiEMgIzMzsxfqoK2lRBR4Vlucx8d0mk4kY0Q9ejaYbkw0TGycNcxUr8FtNk-3D" alt="" width="1" height="1" border="0" style="height:1px !important;width:1px !important;border-width:0 !important;margin-top:0 !important;margin-bottom:0 !important;margin-right:0 !important;margin-left:0 !important;padding-top:0 !important;padding-bottom:0 !important;padding-right:0 !important;padding-left:0 !important;"/>