Skip to content

Improve XSS Protection
Compare
Choose a tag to compare
@fvoordeckers fvoordeckers released this 30 Nov 13:25
· 4 commits to master since this release
1.2.9
ae1992b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Modern browsers treat the backslash as normal slashes when used in the URLs. So instead of using the hash value "#page://google.com", we can use "#page:/\google.com" to bypasses the current protection.

Assets 2
Loading