hackmdio/codimd

<iframe> tag cause open redirect

Open

#959 建立於 2018年9月18日

在 GitHub 查看
 (2 留言) (0 反應) (0 負責人)JavaScript (1,038 fork)batch import
Hacktoberfesthelp wantedsecurity

倉庫指標

Star
 (8,949 star)
PR 合併指標
 (30 天內沒有已合併 PR)

描述

If the source website has the script like this:

<script type="text/javascript">
if(window != top) {
    top.location.href = location.href;
}
</script>

It may cause a open redirect issue on codimd. I use www.plurk.com which has anti-clickjacking code to demo.

Demo Link in demo.codimd.org

<iframe src="https://www.plurk.com/k1tten_">

Broswer verison:

Safari 11.0.2: triggered
Firefox Quantum 62.0 : triggered
Chrome 68.0.3440.106: not triggered

貢獻者指南