xss: Stored XSS/Domain Whitelist Bypass
This mitigates a vulnerability reported by haxatron on [huntr.dev](https://huntr.dev/) where one can bypass the Domain Whitelist and potentially store XSS via iFrame tags. This adds a new section to the iFrame REGEX that checks for `@` and denies the iFrame if one exists.
Showing 1 changed file with 1 addition and 1 deletion.
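The bypass class this commit closes, shown as an added illustration rather than the project's own code (the project's iFrame regex is not reproduced on this page): a whitelist check that only inspects the start of the `src` string accepts `https://trusted.example@evil.example/`, because the "trusted" part is really the URL's userinfo and the browser will load `evil.example`. Parsing the URL, rejecting any userinfo and comparing the real host against the list fixes that. `ALLOWED_HOSTS` and both function names are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed whitelist for this example; the project's real list is not on the page.
ALLOWED_HOSTS = {"trusted.example", "www.trusted.example"}


def naive_prefix_check(src: str) -> bool:
    """The kind of check the reported bypass defeats: accept any src that merely
    starts with an allowed origin. 'https://trusted.example@evil.example/' passes
    because the allowed name sits in the userinfo part, not the host."""
    return any(src.startswith(f"https://{host}") for host in ALLOWED_HOSTS)


def strict_iframe_src_check(src: str) -> bool:
    """Whitelist check against the parsed authority instead of the raw string.

    Rejects, in this order:
      - unparseable URLs
      - non-https schemes
      - any userinfo in the authority (the '@' case this commit addresses;
        the commit's own regex rejects '@' anywhere in the tag, which is stricter)
      - hosts that are not an exact member of ALLOWED_HOSTS
        (so 'trusted.example.evil.example' is also refused)
    """
    try:
        parts = urlsplit(src)
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if "@" in parts.netloc or parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower()
    return host in ALLOWED_HOSTS
```
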