lengstrom / falcon

Chrome extension for full text history search!
https://chrome.google.com/webstore/detail/falcon/mmifbbohghecjloeklpbinkjpbplfalb
GNU General Public License v3.0
1.83k stars, 84 forks

HTML injection in Preferences #36

Closed. ivan closed this 8 years ago

ivan commented 8 years ago

If you visit https://ludios.org/tmp/falcon-bug.html and then open the Falcon Preferences, you'll see the page title in red. This is caused by https://github.com/lengstrom/falcon/blob/6a0de245b320d2d4f3b95cfe2f89c1c5a1337df5/extension/js/preferences.js#L45

This probably can't be used for XSS because Chrome doesn't let you insert a <script> here, but you might be able to do other bad things with it, including stylesheet modification, surprise images or audio, or denial of service.
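The injection described in the report, as an added example that is not code from the falcon repository: a constructed history entry whose title carries markup is rendered once by raw concatenation (the vulnerable pattern) and once with escaping, plus a DOM variant using `textContent`. The row layout, `SAMPLE_ENTRY`, `escapeHtml` and the function names are assumptions for illustration; the actual preferences.js is not reproduced.

```javascript
// Added example (not from the falcon repository). Assumes the
// Preferences page builds each history row as an HTML string.

// Constructed sample: a visited page whose <title> contains markup,
// in the spirit of the demo page in the report (URL is made up).
const SAMPLE_ENTRY = {
  url: 'https://example.invalid/falcon-bug.html',
  title: '<span style="color:red">Falcon bug</span>',
};

// Vulnerable form: the title is concatenated straight into markup, so
// any tags in it become part of the Preferences DOM.
function renderRowVulnerable(entry) {
  return '<li>' + entry.title + ' - ' + entry.url + '</li>';
}

// Minimal HTML escaping for text placed inside an element body or a
// double-quoted attribute value.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened form: untrusted fields are escaped before interpolation, so
// the title is shown literally instead of being parsed as markup.
function renderRowSafe(entry) {
  return '<li>' + escapeHtml(entry.title) + ' - ' + escapeHtml(entry.url) + '</li>';
}

// Check used below: does the rendered string still contain a raw tag
// that originated in the title?
function containsRawTag(html) {
  return /<span\b/.test(html);
}

// Same fix with DOM APIs for code that has a document (browser only):
// textContent assigns text and never parses it as HTML.
function renderRowDom(doc, entry) {
  const li = doc.createElement('li');
  li.textContent = entry.title + ' - ' + entry.url;
  return li;
}
```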

lengstrom commented 8 years ago

Thanks for bringing this to our attention, we'll fix it ASAP!

andrewilyas commented 8 years ago

Should be fixed!