Changes between Initial Version and Version 1 of Ticket #24251, comment 102
Timestamp: 03/17/2023 12:18:33 AM (2 years ago)
Ticket #24251, comment 102
initial:
OMG I can't believe this is still considered a security concern after 10 years! I realize common sense was never part of this and it won't ever be in the future either. I have a new security measure to suggest! Can we also block CSS? I'm worried about CSS exploits: https://book.hacktricks.xyz/pentesting-web/xs-search/css-injection Is there any protection we can use to prevent them? Maybe a DISABLE_CSS flag or just disabling it by default and let the user install an external plugin to enable it under their risk? My GOD...

v1:
OMG I can't believe this is still considered a security concern after 10 years! I realize common sense was never part of this and it won't ever be in the future either. I have a new security measure to suggest! Can we also block CSS? I'm worried about CSS exploits: https://book.hacktricks.xyz/pentesting-web/xs-search/css-injection Is there any protection we can use to prevent them? Maybe a DISABLE_CSS flag or just disabling it by default and let the user install an external plugin to enable it under their own risk? My GOD...