Filter <meta> tags from notes #404
Labels
priority:high
This is a high-priority issue
project:js
This affects the js UI
tag:security
This is a security issue (encryption problem, data leak, etc)
type:bug
GET THE RAID
Milestone
Comments
orthecreedence
added
type:bug
|
can i work on this? |
|
Yeah, please do! This would be a good kick in the pants for me to do a security release. If you need any help getting the app set up, let me know. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Notes allow
<meta>tag injection. Ie, a note with the contentopens a new browser window to Google. While this problem would happen over person-to-person sharing and thus the severity is limited (because you generally only share with those you trust) it remains high priority.
Special thanks to Rafay Baloch and Muhammad Samak for this report.
The text was updated successfully, but these errors were encountered: