Skip to content

v0.0.10

Choose a tag to compare

View all tags
@threepointone threepointone released this 16 Sep 18:08
· 74 commits to main since this release
v0.0.10
78be0eb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch Changes

  • #87 1804446 Thanks @threepointone! - explicitly block javascript: (and other suspicious protocols) in redirect uris

    In #80, we blocked redirects that didn't start with http:// or https:// to prevent xss attacks with javascript: URIs. However this blocked redirects to custom apps like cursor:// et al. This patch now explicitly blocks javascript: (and other suspicious protocols) in redirect uris.

Assets 2
Loading