Hacktoberfesthelp wantedsecurity
仓库指标
- Star
- (8,949 star)
- PR 合并指标
- (30 天内没有已合并 PR)
描述
If the source website has the script like this:
<script type="text/javascript">
if(window != top) {
top.location.href = location.href;
}
</script>
It may cause a open redirect issue on codimd.
I use www.plurk.com which has anti-clickjacking code to demo.
<iframe src="https://www.plurk.com/k1tten_">
Broswer verison:
Safari 11.0.2: triggered
Firefox Quantum 62.0 : triggered
Chrome 68.0.3440.106: not triggered