Location bar is not escaping the file name. #267

ikarienator opened this Issue Mar 27, 2013 · 0 comments


None yet

1 participant


It will cause problem if there are special chars in the file name.

For example rename the file to <div onclick="alert('pwnd');">nice.js and you can have a clickable file name on the location bar. Similar tricks can cause automatic code execution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment