XSS

[IonicaBizau]

Interesting project! I found this little thing:

Input:

{
 "foo": "bar",
 "test": "<script>alert()</script>"
}

Output:

<table border="1"><tr><th>foo</th><td>bar</td></tr><tr><th>test</th><td><script>alert()</script></td></tr></table>

The <script>alert()</script> should be encoded to avoid XSS.