Whenever a user supplies a custom "@context": "http://schema.org/" within the json-ld playground, a call to a proxy script is made.
This proxy script is implemented in an unsafe manner, allowing an attacker to perform XSS or CSRF attacks against the server.
I didn't find a private contact method for reporting the vulnerability, so here is the pull request directly, which should harden the proxy script.
Long-term it's probably advisable to perform requests to hosts defined within @context completely client-side via JavaScript.
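
One way a context proxy can be hardened on the XSS side, as an added example that is not the code from this pull request or from the playground. It assumes the risk comes from the proxy relaying upstream content on its own origin; the function names, headers chosen and sample URLs are hypothetical.

```javascript
// Added example: hypothetical helper names, not the playground's own code.

// Only plain web URLs are fetched on the user's behalf.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Headers that stop a browser from rendering the relayed body as HTML or
// script on the proxy's own origin.
const SAFE_HEADERS = Object.freeze({
  'Content-Type': 'application/ld+json; charset=utf-8',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy': "default-src 'none'; sandbox",
});

// Error bodies are fixed strings, so no request input is echoed back.
function reject(status, message) {
  return { status, headers: { ...SAFE_HEADERS }, body: JSON.stringify({ error: message }) };
}

// Check the requested @context URL before any upstream request is made.
function validateContextUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return null; // not an absolute URL
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  if (url.username || url.password) return null; // no embedded credentials
  return url;
}

// Build the response the proxy sends to the browser from the upstream body.
function buildProxyResponse(rawUrl, upstreamBody) {
  if (validateContextUrl(rawUrl) === null) return reject(400, 'invalid context URL');
  let parsed;
  try {
    parsed = JSON.parse(upstreamBody);
  } catch (e) {
    return reject(502, 'upstream response is not JSON');
  }
  if (parsed === null || typeof parsed !== 'object') {
    return reject(502, 'upstream response is not a JSON document');
  }
  // Re-serialize and escape "<" so the body never contains literal markup.
  const body = JSON.stringify(parsed).replace(/</g, '\\u003c');
  return { status: 200, headers: { ...SAFE_HEADERS }, body };
}
```

This covers only what the proxy relays to the browser; the CSRF side mentioned above is not addressed by it.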