<p>second commit should fix <a href="https://github.com/opentechinstitute/luci-commotion-apps/issues/12" class="issue-link" title="Stored XSS in local application URL (High)">#12</a></p>

<p>to test, submit app with url: <code>javascript://127.0.0.1/?%0d%0aalert(document.domain)</code>. App submission should be rejected.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>Reply to this email directly or <a href='https://github.com/opentechinstitute/luci-commotion-apps/pull/21#issuecomment-26603018'>view it on GitHub</a>.<img src='https://github.com/notifications/beacon/HSS0tS4nfORw_XnPQF8f0QL6yDUpxq6Oql_qVugh7cKJhJ3Y3VlW-dAMl0u8ZbiM.gif' height='1' width='1'></p>