Be careful guysssssssssss
Looks like they fixed it.
This is also what I prevented on our site with the content security policy. Woo security.
teh_g I was about to write that they fixed it. Well, most of it. Activity feed is still a bit broken. I’ve been receiving some friend requests that are totally unknown so I made my profile completely private. I’d recommend everyone to do that as well just in case.