JSONView has been removed/disabled from the Chrome Web Store #1
Comments
From @-ScottGRoberts on November 11, 2016 20:39
Does this PR from 2 years ago address the issue? https://github.com/gildas-lormeau/JSONView-for-Chrome/pulls number 49
From @-MattRyder on November 14, 2016 11:8
Yep, can confirm it. Use the following page as a reproducible test case when JSONView is enabled. The gist file being served can be found here (in safe form): https://gist.github.com/MattRyder/f356b402f696f147943907eb8a3859e5
From @-jamiew on November 16, 2016 14:31
I've been getting some questions on my (unrelated & unpublished) jsonview-chrome repository, https://github.com/jamiew/jsonview-chrome
Has anyone stepped up to fix things in this repo + republish yet?
From @-dan-blanchard on November 18, 2016 21:5
There are alternative extensions that seem to be just as nice (if not nicer):
From @-JordanMilne on November 19, 2016 3:7
Yep, there are actually several different UXSS issues in JSONView-for-Chrome's
If someone wants to take ownership of a fork, this patchset should fix all three issues.
Security vulnerability issue copied from upstream repo is below.
The vulnerability is demonstrated by: https://rawgit.com/MattRyder/f356b402f696f147943907eb8a3859e5/raw/974c9151394b582d9ab7c58d0dc4d12f2fd5e35d/jsonViewVuln.json
Which contains:
Seems like this should be easy to fix.
From @-tordans on November 11, 2016 15:15
The extension is also automatically disabled with the notice that "this extension contains a serious security vulnerability."
Does anyone know more or how to fix it?
Further input
Update
I emailed @-gildas-lormeau but did not hear back from him.
I switched to "JSON Viewer" now like @-dan-blanchard suggested. JSON Viewer has a cleaner Issue and PR List than JSON-formatter, so I go with JSON Viewer and hope the maintainer will stay with us :).
Copied from original issue: gildas-lormeau/JSONView-for-Chrome number 75