Prevent iFrame Injection

Esri / geoportal-server

Geoportal Server is a standards-based, open source product that enables discovery and use of geospatial resources including data and services.

https://gptogc.esri.com/geoportal

Apache License 2.0

245 stars 149 forks source link

Prevent iFrame Injection #343

Closed RedYetiDev closed 4 months ago

RedYetiDev commented 7 months ago

This pull-request will prevent any/all forms of iFrame Injection within the Javadoc page.

[!NOTE] While this is a security issue, due to the low-severity of it, I do not believe it needs to be kept confidential, and it can be publicly displayed as a Github Pull-Request.

RedYetiDev commented 6 months ago

Hi! Any update?

mhogeweg commented 6 months ago

have you seen this update? https://github.com/Esri/geoportal-server/blob/gh-pages/javadoc/current/index.html

RedYetiDev commented 6 months ago

Yes I have, but open redirection is still possible. My PR will fix it.