You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.
Thanks for flagging this. It will be a bit of a balance: Currently the entire configuration string that's passed on to the child windows is stripped of tags and a number of expressions that can be used to create XSS attacks - in order to facilitate passing HTML to popout windows (not necessarily important for the title, but for components within it as well) I think we'd need to loosen the XSS policy a bit...
Sorry for the delay in that, but this needs a bit of testing to not open up attack vectors.
Hi, allowing the set of icons on top of tabs (and other customisations) via html is very dangerous (i.e. XSS injection points), would it be possible to define (as an parameter) a number of extra classes to be added to a particular tab?