mlgualtieri
commented
6 years ago Initial guess... Google Translate encapsulates the page within an iframe, which may block the ability for the plugin to see all CSS stylesheets loaded.
Closed mlgualtieri closed 6 years ago
mlgualtieri
commented
6 years ago Initial guess... Google Translate encapsulates the page within an iframe, which may block the ability for the plugin to see all CSS stylesheets loaded.
mlgualtieri
commented
6 years ago The issue has been fixed in 1.0.11. The parameter '"all_frames": true' needed to be added to the manifest.json to provide plugin access to sanitize pages within frames.
New issue someone sent in via my website contact form. When viewing the vulnerability tester page within Google Translate, the plugin doesn't sanitize CSS rules and the page shows as vulnerable.
Steps to reproduce: Visit: https://translate.google.com/ Enter URL: https://www.mike-gualtieri.com/css-exfil-vulnerability-tester Press the Translate button