You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#45 was submitted, but we also need a check that "target" parameter doesn't contain a host name at line 104? Otherwise malicious user can still put a full URL to the "target" param.
We should validate that it is in the same domain.
The text was updated successfully, but these errors were encountered: