hackmdio/codimd

<iframe> tag cause open redirect

Open

#959 geöffnet am 18. Sept. 2018

Auf GitHub ansehen
 (2 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)JavaScript (1.038 Forks)batch import
Hacktoberfesthelp wantedsecurity

Repository-Metriken

Stars
 (8.949 Stars)
PR-Merge-Metriken
 (Keine gemergten PRs in 30 T)

Beschreibung

If the source website has the script like this:

<script type="text/javascript">
if(window != top) {
    top.location.href = location.href;
}
</script>

It may cause a open redirect issue on codimd. I use www.plurk.com which has anti-clickjacking code to demo.

Demo Link in demo.codimd.org

<iframe src="https://www.plurk.com/k1tten_">

Broswer verison:

Safari 11.0.2: triggered
Firefox Quantum 62.0 : triggered
Chrome 68.0.3440.106: not triggered

Contributor Guide