by arkadiyt
2140 days ago

> I suppose it's not much of a security risk.

It wouldn't be much of a security risk if the authors had correctly isolated user content into its own origin, which would have made this a self-XSS only. As it stands the app itself runs on the same origin, so this is a real XSS.

Long-term, we definitely need more security-minded folks on the team.
Short-term, I will add an email address in the footer so that such issues can at least be reported privately.