First, my apologies for really dropping my commitment to this blog the last six months. The next six months will be better, I promise.

Second, the presenter pattern we built into our latest Ruby on Rails and Backbone.js application created an opportunity for XSS attacks. XSS attacks are nasty little security holes exploited through the DOM. Although it is not common for casual users to hack this way, experienced hackers can cause a ruckus on your application if one is found. On our application we found the security hole in an authenticated area, which is better; nonetheless, there are probably hundreds of applications using Backbone.js where this vulnerability is serious. In a Rails application it is possible/common to set up presenters to ready your API[…]