Note: we CANNOT rely on window.close in onSubmit or $().submit to close our popups.
On a relatively slow connection with a relatively large POST, commonly the close finishes
*before* the POST completes, as reported with our New Zealand clients. Despite success in
trivial cases, this should be obvious, since the event is necessarily before the submission.
It also assumes success and prevents any kind of error feedback. Other popups are likely
to exhibit this same defective behavior.
Some FIXME's outstanding: need to allow users to delete their own comments,
need to enforce and feedback on max comment length.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
This is a partial, perhaps temporary fix. "<", ">",
and "&" characters in patron comments (AKA reviews)
are converted to "<", ">", and "&" to avoid
certain attacks, e.g., a user entering a <script> tag
in a comment.
A more permanent fix should scrub all (or perhaps just
unsafe) tags from submitted comments entirely.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>