hackmdio/codimd

<iframe> tag cause open redirect

Open

#959 aberto em 18 de set. de 2018

Ver no GitHub
 (2 comments) (0 reactions) (0 assignees)JavaScript (1.038 forks)batch import
Hacktoberfesthelp wantedsecurity

Métricas do repositório

Stars
 (8.949 stars)
Métricas de merge de PR
 (Nenhuma PRs mesclada em 30d)

Description

If the source website has the script like this:

<script type="text/javascript">
if(window != top) {
    top.location.href = location.href;
}
</script>

It may cause a open redirect issue on codimd. I use www.plurk.com which has anti-clickjacking code to demo.

Demo Link in demo.codimd.org

<iframe src="https://www.plurk.com/k1tten_">

Broswer verison:

Safari 11.0.2: triggered
Firefox Quantum 62.0 : triggered
Chrome 68.0.3440.106: not triggered

Guia do colaborador