Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
web_accessible_resource secret token accessible to webpages #550
As per the documentation here: https://github.com/gorhill/uBlock/blob/master/src/web_accessible_resources/README.txt#L3, even the files listed under web_accessible_resources are protected from being accessed by webpages using secret_token.
However, in Chromium based browser, we have found that under special circumstances webpages can steal that token:
A specific URL where the issue occurs
Given the bug tracker is open, intentionally keeping from giving more details / PoC.