cryptosharks131 / lndg

Lite GUI web interface to analyze lnd data and leverage the backend database for automation tools around rebalancing and other basic maintenance tasks.
MIT License

Security alert: HTML script injection into the user's browser. #394

Closed JaviLib closed 1 month ago

JaviLib commented 2 months ago

When opening a channel with a node with HTML code inside, an injection happens. Try for example to open a channel with this node https://lightningnetwork.plus/nodes/03db10aa09ff04d3568b0621750794063df401e6853c79a21a83e1a3f3b5bfb0c8

As you can see, the name of the node is , and when you click on the channel of the node, an alert happens in the browser.

[screenshot]

Also, the name of the node appears blank in the list of channels, like this:

[screenshot]

So.

The script executed in this example is not very harmful, but imagine somebody changes the name and injects a fully harmful script into the users' browsers. This can be very harmful.

Please, urgently release a patch.
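The report above boils down to one rendering mistake: a node alias that peers control is placed into the page as raw HTML, so a browser interprets any markup in it (which is also why the name shows up blank in the channel list). The following is an added example written for this thread, not code from lndg; it uses only the Python standard library, and the row layout, function names and sample aliases are constructed assumptions. It shows a "before" renderer that concatenates the alias verbatim, a hardened renderer that escapes every untrusted field for the HTML text context it lands in, and a small regression check that would catch a template that still leaks markup.

```python
import html
import re

# Constructed sample aliases, not real node data. The first mimics the kind of
# alias the report describes: markup embedded in a node's advertised name.
SAMPLE_ALIASES = [
    "<script>alert(1)</script>",
    "Plain Alias",
    'Tom & "Jerry" <lightning>',
]

# The fixed row template contributes exactly these six '<' characters:
# <tr>, <td>, </td>, <td>, </td>, </tr>. Anything beyond that came from data.
TEMPLATE_TAG_COUNT = 6

_FIRST_CELL = re.compile(r"<td>(.*?)</td>")


def render_channel_row_unsafe(alias: str, channel_id: str) -> str:
    """'Before' rendering (the defect described in the report): the alias is
    pasted into the HTML verbatim, so any markup in it becomes part of the page."""
    return f"<tr><td>{alias}</td><td>{channel_id}</td></tr>"


def render_channel_row(alias: str, channel_id: str) -> str:
    """Hardened rendering: every untrusted field is HTML-escaped for the text
    context it is inserted into. quote=True also escapes quotes, which matters
    if the same value is ever reused inside an attribute."""
    return (
        f"<tr><td>{html.escape(alias, quote=True)}</td>"
        f"<td>{html.escape(channel_id, quote=True)}</td></tr>"
    )


def alias_leaks_markup(rendered_row: str) -> bool:
    """Regression check for a rendered row: True if it contains more '<'
    characters than the template itself, i.e. data was emitted as markup."""
    return rendered_row.count("<") > TEMPLATE_TAG_COUNT


def alias_cell_text(rendered_row: str) -> str:
    """What the browser would *display* for the alias cell: the first <td>'s
    contents with entities decoded back to characters. For the hardened
    renderer this round-trips the original alias as visible text."""
    match = _FIRST_CELL.search(rendered_row)
    return html.unescape(match.group(1)) if match else ""


def audit_aliases(aliases, renderer=render_channel_row_unsafe):
    """Return the aliases that would be emitted as live markup by `renderer`.
    Useful as a unit test over a renderer, or over stored aliases before a
    template change ships."""
    return [a for a in aliases if alias_leaks_markup(renderer(a, "0"))]


if __name__ == "__main__":
    for alias in SAMPLE_ALIASES:
        unsafe = render_channel_row_unsafe(alias, "1234567890")
        safe = render_channel_row(alias, "1234567890")
        print("alias        :", repr(alias))
        print("unsafe leaks :", alias_leaks_markup(unsafe))
        print("safe leaks   :", alias_leaks_markup(safe))
        print("safe displays:", repr(alias_cell_text(safe)))
        print()
    print("offending aliases under the unsafe renderer:",
          audit_aliases(SAMPLE_ALIASES))
    print("offending aliases under the hardened renderer:",
          audit_aliases(SAMPLE_ALIASES, render_channel_row))
```

The escaping here is the same thing a template engine's autoescape does; the bug class appears whenever a value is marked as safe or rendered outside the engine (string concatenation, `innerHTML` on the client, or an unescaped JSON blob dropped into a script tag). The `audit_aliases` check is cheap enough to keep as a permanent test so that a later template change cannot silently reintroduce the leak.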

cryptosharks131 commented 2 months ago

This should now be resolved in the latest v1.9.0 branch. Can you verify if you are still able to replicate the issue with this branch?

cryptosharks131 commented 1 month ago

duplicate: #363