open-wc / mdjs-viewer

Markdown JavaScript Viewer Chrome Extension
52 stars 0 forks

Find vulnerabilities #2

Open daKmoR opened 4 years ago

daKmoR commented 4 years ago

If you have a possible attack vector please make a comment or an issue and include the code like so:

```js script
// execute code with an attack vector
console.log('window.secret', window.secret);
```

daKmoR commented 4 years ago

PREVENTED: Trying to fetch an external resource

```js script
// probe: can code in the viewer reach an arbitrary external origin?
fetch('https://www.google.com/').then(response => response.text()).then(text => console.log(text));
```

daKmoR commented 4 years ago

PREVENTED: Trying to fetch from api.github.com (e.g. do github api calls on behalf of the user)

```js script
// probe: can code in the viewer call the GitHub API with the user's session?
fetch('https://api.github.com/').then(response => response.text()).then(text => console.log(text));
```

daKmoR commented 4 years ago

PREVENTED: get data from the parent window. Before you start, you should set `window.secret = 'pssst';`

```js script
// probe: is the secret visible in the viewer's own window, or across the frame boundary in the parent?
console.log('window.secret', window.secret);
console.log('parent.secret', parent.secret);
```
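As an added example, not code from this thread or from the mdjs-viewer project: a small harness that runs the three probes above from inside the viewer and reports each outcome, so the manual PREVENTED checks become a repeatable regression test. `runProbes`, `classify`, `classifyOutcome` and the injected `env` object are assumptions of this example, not part of the extension.

```javascript
// Added example (not mdjs-viewer code): runs the three probes from this thread
// and reports PREVENTED / ALLOWED / UNSET for each. `fetch` and `parent` are
// injected through `env` so the logic can be exercised outside a browser; inside
// the viewer, call runProbes() with no arguments to use the real globals.
const PROBES = [
  { name: 'external fetch',   run: (env) => env.fetch('https://www.google.com/') },
  { name: 'github api fetch', run: (env) => env.fetch('https://api.github.com/') },
  // Reading a property across an origin boundary throws a SecurityError, so a
  // sandboxed (opaque-origin) frame cannot see the parent's `secret`.
  { name: 'parent secret',    run: (env) => Promise.resolve(env.parent.secret) },
];

// A rejection or thrown error (CSP block, failed request, SecurityError) means
// the viewer PREVENTED the probe; a real value means ALLOWED; undefined for the
// secret means window.secret = 'pssst' was never set, so report UNSET rather
// than counting it as a pass. Note that a rejected fetch can also come from CORS
// rather than the viewer's own policy: read the console error for the reason.
function classifyOutcome(outcome) {
  if (outcome.error) return 'PREVENTED';
  return outcome.value === undefined ? 'UNSET' : 'ALLOWED';
}

async function classify(probe, env) {
  try {
    return classifyOutcome({ value: await probe.run(env) });
  } catch (error) {
    return classifyOutcome({ error });
  }
}

// Returns e.g. { 'external fetch': 'PREVENTED', 'github api fetch': 'PREVENTED',
// 'parent secret': 'PREVENTED' } when the viewer blocks all three.
async function runProbes(env = { fetch: globalThis.fetch, parent: globalThis.parent }) {
  const report = {};
  for (const probe of PROBES) {
    report[probe.name] = await classify(probe, env);
  }
  return report;
}
```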