hackmdio/codimd

<iframe> tag cause open redirect

Open

#959 aperta il 18 set 2018

Vedi su GitHub
 (2 commenti) (0 reazioni) (0 assegnatari)JavaScript (1038 fork)batch import
Hacktoberfesthelp wantedsecurity

Metriche repository

Star
 (8949 star)
Metriche merge PR
 (Nessuna PR mergiata in 30 g)

Descrizione

If the source website has the script like this:

<script type="text/javascript">
if(window != top) {
    top.location.href = location.href;
}
</script>

It may cause a open redirect issue on codimd. I use www.plurk.com which has anti-clickjacking code to demo.

Demo Link in demo.codimd.org

<iframe src="https://www.plurk.com/k1tten_">

Broswer verison:

Safari 11.0.2: triggered
Firefox Quantum 62.0 : triggered
Chrome 68.0.3440.106: not triggered

Guida contributor