Good day!

I am not sure I understand the question.

A comment is a streamer comment that a donor may place to show on the fundraiser page or the organization donation page, similar to a comment one places in Google+ or Facebook or any other peer-to-peer fundraising page.

What does this have to do with security?

For a more detailed explanation - see https://www.owasp.org/index.php/Cros...Scripting_(XSS) and "Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it." Your web site security people ought to be familiar with the concept, if you are not. Please ask them.

Good day!

We are fully aware of what you are discussing and the link you sent is not working.

SQL Injection is not applicable as scrubbing is something we do in every field. C&P is PCI Level 1 certified and every aspect of our platform is tested against these type of kiddy attacks. We are also monitored 24x7 with live monitoring of all log files and much more.

Every field is scrubbed but it has nothing to do with security. When you post to this forum the posts go to all developers & IT team. I am the head of security and as such I know so do not need to ask anyone.

If you tell me what your concern is then I can answer your question. I still do not know what the question is.