by TicklishTiger
1732 days ago
This is not called XSS. This is just user-generated HTML on subdomains. GitHub does the same on github.io. Everybody can make a theirname.github.io page and alert whatever they like too. So does GitLab on yourname.gitlab.io, WordPress on yourname.wordpress.com etc. It is a common practice.

That's only an issue if this is possible for comments. The current behavior is working as intended I'd say.