Closed keelerm84 closed 6 months ago
The documentation generated from yard creates a frames.html file. This file is susceptible to XSS attacks.
Additionally, this page can act as an open redirect (e.g. https://launchdarkly.github.io/ruby-server-sdk/frames.html#!////example.com).
To remediate this problem, we are going to simply remove the generated frames.html file. This file was created to support classical frameset views for the docs, which we have no need to support.
This pull request has been linked to Shortcut Story #234563: Remove frames.html as a temporary fix to XSS vulnerability in ruby docs.