kamranahmedse / tab-switcher

Chrome Extension - Switch between the opened tabs in the blink of an eye
https://goo.gl/8IN6Z3
446 stars 35 forks

sanitizing tab title to avoid xss attack #19

Closed pedrocatre closed 7 years ago

pedrocatre commented 7 years ago

Currently there is an XSS vulnerability in the extension because the titles of tabs are not being sanitized before being added to the tab template that is added to the page.

You can check this by opening a new tab and writing: <script>alert('xss');</script>

You press enter, then use the shortcut to open the tab switcher and you get an alert.

I added a library to sanitize the title before adding it to the page.
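The pattern described in this pull request, as an added example that is not part of the original comment and not the extension's own code: a tab row built by string concatenation, beside a version that escapes each field before it reaches the template. The template markup, class names, function names and sample tabs are assumptions made for illustration; `id`, `title` and `url` are fields of Chrome's tab object.

```javascript
// Added example: hypothetical template code, not taken from tab-switcher.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": page-controlled tab fields are concatenated straight into markup.
function renderTabUnsafe(tab) {
  return '<li class="tab-item" data-tab-id="' + tab.id + '" title="' + tab.title + '">' +
    '<span class="tab-title">' + tab.title + '</span>' +
    '<span class="tab-url">' + tab.url + '</span></li>';
}

// "After": every interpolated field is escaped at the point of use.
function renderTabSafe(tab) {
  const id = Number.parseInt(tab.id, 10) || 0; // tab ids are integers
  const title = escapeHtml(tab.title);
  const url = escapeHtml(tab.url);
  return `<li class="tab-item" data-tab-id="${id}" title="${title}">` +
    `<span class="tab-title">${title}</span>` +
    `<span class="tab-url">${url}</span></li>`;
}

// True if the markup still contains an opening tag with the given name.
function hasElement(html, name) {
  return new RegExp('<' + name + '[\\s>/]', 'i').test(html);
}

// Constructed sample tabs; the first title is the string from the report above.
const sampleTabs = [
  { id: 1, title: "<script>alert('xss');</script>", url: 'chrome://newtab/' },
  { id: 2, title: 'Tom & "Jerry" <3', url: 'https://example.com/?a=1&b=2' },
];

for (const tab of sampleTabs) {
  console.log('unsafe has <script>:', hasElement(renderTabUnsafe(tab), 'script'));
  console.log('safe   has <script>:', hasElement(renderTabSafe(tab), 'script'));
  console.log(renderTabSafe(tab));
}
```

Where the row is built with DOM calls instead of an HTML string, assigning the title through `textContent` gives the same result without a hand-written escaper.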

kamranahmedse commented 7 years ago

Thanks 👍