We had posted earlier about making sure that (malicious) users cannot inject code into Kerika, in any of the areas where user input is possible.

Here’s the complete list of user actions that we are checking for XSS injecton now:

1. Board Name
   
2. Board Description
   
3. Template Name
   
4. Template Description
   
5. Tag Name
   
6. Card Attachment Name
   
7. Board Attachment Name
   
8. Card Chat
   
9. Board Chat
   
10. Column Name
    
11. Task Name/Detail
    
12. Canvas Text
    
13. Canvas Attachment Name
    
14. Canvas Shape/Object Name
    
15. Account Name
    
16. Account Billing Information
    
17. User’s Name