Poor security practice in first tutorial


#1

Hi!

In the first Hello World tutorial, there is a line:

document.getElementById('heading-name').innerHTML = person.name()

Anyone that puts HTML (or a less-than sign, etc.) in their name will get interesting results.

-s
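
An added example, not part of the original post or the tutorial's own code: two ways to write the name into the `heading-name` element without the browser parsing it as markup. The helper names (`escapeHtml`, `setHeadingText`, `headingMarkup`) and the sample name are assumptions made for this illustration.

```javascript
// Added example: putting an untrusted name into the heading safely.

// Escape the characters that are significant in HTML text and quoted
// attribute values. "&" is replaced first so the entities produced by
// the later replacements are not escaped a second time.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Preferred fix: textContent stores the string as a text node, so the
// name is displayed literally and never parsed as HTML.
// `doc` is the page's document object (passed in so it can be stubbed).
function setHeadingText(doc, name) {
  doc.getElementById('heading-name').textContent = name;
}

// Fallback for when the name has to be embedded in a larger HTML
// string: escape it before concatenating.
function headingMarkup(name) {
  return '<h1 id="heading-name">' + escapeHtml(name) + '</h1>';
}

// Constructed sample input: a name containing markup characters.
const sampleName = 'Ann <b>Lee</b> & Co';

// In a browser that has the tutorial's heading element, apply the fix.
// Outside a browser (e.g. Node) this guard is skipped.
if (typeof document !== 'undefined' && document.getElementById('heading-name')) {
  setHeadingText(document, sampleName);
}
```

With `innerHTML`, the sample name would render "Lee" in bold; with `textContent` the heading shows the angle brackets exactly as typed.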