I'd suggest you take a look at OWASP guide relating to XSS, PHP and JS.
A quick answer would be : If you have a doubt then yes there's a risk because you haven't did enough testing / understand the underlying process so you could convince yourself it's safe.
Not to be rude but if your last line of defense against XSS is
having your code validated by a mailing list then maybe you should
go to a safer way...
You could also run ZAP thru your test server and see what comes back.
Here's some link
OWASP Application Security Verification Standard (XSS/SQL
Injection/Remote code execution, etc)
OWASP Web Security Testing Guide
You received this message because you are subscribed to the Google Groups "Joomla! General Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-gene...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/joomla-dev-general/ed0ba1e1-1816-4945-8357-30f812d8de6cn%40googlegroups.com.