shortcut-integration[bot]
commented
6 months ago This pull request has been linked to Shortcut Story #234563: Remove frames.html as a temporary fix to XSS vulnerability in ruby docs.
Closed keelerm84 closed 6 months ago
shortcut-integration[bot]
commented
6 months ago This pull request has been linked to Shortcut Story #234563: Remove frames.html as a temporary fix to XSS vulnerability in ruby docs.
The documentation generated from
yardcreates a frames.html file. This file is susceptible to XSS attacks.Additionally, this page can act as an open redirect (e.g. https://launchdarkly.github.io/ruby-server-sdk/frames.html#!////example.com).
To remediate this problem, we are going to simply remove the generate frames.html file. This file was created to support classical frameset views for the docs, which we have no need to support.