Esri / geoportal-server

Geoportal Server is a standards-based, open source product that enables discovery and use of geospatial resources including data and services.
https://gptogc.esri.com/geoportal
Apache License 2.0

Prevent iFrame Injection #343

Closed RedYetiDev closed 6 months ago

RedYetiDev commented 8 months ago

This pull request will prevent any/all forms of iFrame Injection within the Javadoc page.

[!NOTE] While this is a security issue, due to the low severity of it, I do not believe it needs to be kept confidential, and it can be publicly displayed as a GitHub pull request.

RedYetiDev commented 8 months ago

Hi! Any update?

mhogeweg commented 8 months ago

Have you seen this update? https://github.com/Esri/geoportal-server/blob/gh-pages/javadoc/current/index.html

RedYetiDev commented 8 months ago

Yes, I have, but open redirection is still possible. My PR will fix it.