by mandatory 3183 days ago
Just an FYI this has a pretty bad security issue (XSS) which you might wanna fix ASAP (else people's Ether might get stolen :/):

https://twitter.com/IAmMandatory/status/915439417665261568

2 comments

Thanks for also submitting a ticket https://github.com/thousandetherhomepage/ketherhomepage/issu... !

We've added a blacklist of URL schemes and CSP. I'd like to have a whitelist if I can find one with all known-good schemes we'd like to be able to support. Know of one?
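
One way to build the whitelist asked about above, as an added example that is not part of the thread or the project's code: parse the submitted link with the WHATWG URL parser and accept only schemes on an allowlist. The names `ALLOWED_SCHEMES`, `safeHref` and `naiveBlocklistAllows`, the prefix blocklist shown for comparison, and the sample inputs are assumptions.

```javascript
// Added example: scheme allowlist for user-submitted link targets.
// ALLOWED_SCHEMES is an assumed policy (web links only), not the project's list.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Hypothetical prefix blocklist, shown only to compare against the allowlist.
const BLOCKED_PREFIXES = ["javascript:", "data:", "vbscript:"];
function naiveBlocklistAllows(input) {
  return !BLOCKED_PREFIXES.some((prefix) => input.startsWith(prefix));
}

// Returns a normalized URL string that may be placed in an href, or null.
function safeHref(input, allowed = ALLOWED_SCHEMES) {
  if (typeof input !== "string") return null;
  let url;
  try {
    // The WHATWG parser trims leading/trailing spaces and control characters,
    // removes tabs and newlines, and lowercases the scheme. Checking the
    // parsed scheme therefore matches what a browser will act on.
    url = new URL(input);
  } catch {
    return null; // relative or unparseable input is rejected outright
  }
  // Emit the parser's normalized form, never the raw input.
  return allowed.has(url.protocol) ? url.href : null;
}

// Constructed sample inputs: one ordinary link and several the blocklist misjudges.
const samples = [
  "https://example.com/a",
  " JavaScript:void(0)",   // leading space, mixed case
  "java\tscript:void(0)",  // tab inside the scheme
  "data:text/html,hi",
  "not a url",
];

for (const s of samples) {
  console.log(JSON.stringify(s),
    "| blocklist allows:", naiveBlocklistAllows(s),
    "| safeHref:", safeHref(s));
}
```

An allowlist only needs the schemes the site actually wants to link to, so unknown or future schemes are rejected by default rather than having to be enumerated.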

Yeah it is broken.

But your 'testing' might get you a call from the police. I would be more careful posting XSS on live sites.