Closed barlock closed 5 years ago
We might want to consider running a scan against the final site to see if there are any other exploits that could be an issue.
Know any good open source tools?
Sense it's all static, wouldn't most exploits be from the Dev, not the platform?
What exploits are you thinking of? Any in particular? On Thu, Jan 24, 2019 at 5:31 PM Brian Chamberlain notifications@github.com wrote:
We might want to consider running a scan against the final site to see if there are any other exploits that could be an issue.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ConsenSys/web3studio-soy/pull/52#issuecomment-457383439, or mute the thread https://github.com/notifications/unsubscribe-auth/AFgLF428Qin2kmuuTYkvUPrk6AsWVGkFks5vGjRVgaJpZM4aRfzn .
Related Issue
Supports #45
Related PRs
This PR is not dependent on any other PR
What does this PR do?
I realized that allowing any domain to forward to any arbitrary ipfs hash could lead to weird cookie things or phishing if a site were vulnerable to XSS. I'm preventing that.
Description of Changes
Modified the viewer request where the bug was.
I was balancing between two concerns with this one. I think it would be cool if a site could work on a normal ipfs gateway, at which point sites could have links to their own content. So I allowed that to work as it seems safe.
I'd be curious if there are opposing thoughts.
What gif most accurately describes how I feel towards this PR?