Organizr is vulnerable to XSS attacks
This is a pretty serious security concern for users.
Suggest supporting Content-Security-Policy: script-src 'self' and relying less on inline scripts.
For example append ?error= to the URL of a hosted organizr setup.
CSP is set using the webserver.
I'll sanitize the rest.
Most helpful comment
CSP is set using the webserver.
I'll sanitize the rest.