From 1fe602c2d0df5a2a29a64261bd55b410524ed234 Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones <tonygarnockjones@gmail.com>
Date: Mon, 4 Feb 2013 10:06:34 -0500
Subject: [PATCH] Note on need for capabilities.

---
 server/TODO | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/TODO b/server/TODO
index 47c069f..6d2dfde 100644
--- a/server/TODO
+++ b/server/TODO
@@ -14,6 +14,9 @@
 
 ## OCaml server
 
+ - Make the webserver listen on a random URL to avoid cross-site scripting
+   attacks on localhost from malicious random internet webpages.
+
  - use lazy and Lazy.force where appropriate
 
  - Figure out how to avoid the overhead of Message.message_of_sexp