This repository has been archived by the owner on Dec 31, 2020. It is now read-only.
Embedding via mapJSON results in NoScript (probably others) logging a XSS issue #10
Labels
Comments
|
Got the encodeURIComponent to work (the original issue was with parsing URL parameters). However, another issue is that the URL max length will limit this functionality pretty heavily. The best way to embed is still to point to a hosted URL |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When embedding direct JSON files (for example https://simopaasisalo.github.io/MakeMaps_embed/tests/pori.html), an XSS protection is triggered in NoScript (https://noscript.net/).
I tried to use encodeURIComponent when generating the embed script, but this fails when the JSON contains '', for example in Legend URL.
Need to see how to deal with the encodeURIComponent route, as it would be the best way to avoid all kinds of mischief
The text was updated successfully, but these errors were encountered: