
Square API Leaves Apps Vulnerable to XSS Attacks - chrisdavar
http://zenincognito.com/squareups-api-not-escaping-json-outputs-a-quick-note-on-unsafe-apis/
======
kylequest
They can't really do it because they have no idea where the data will be used.
Depending on where your app puts the data different types of encoding must be
done.

------
chrisdavar
Begs the question how can they leave the apps unaudited. 6 months on the store
after someone raising this issue seems just lazy or careless on square's part.

