Open acidus99 opened 2 years ago
Elaho will execute Javascript if when a user clicks a standard Gemtext link (=> javascript:alert(555) hello!)
=> javascript:alert(555) hello!
This is similar to issue #41
Expected behavior: Elaho should not execute JavaScript found in javascript: URIs. URL schemes should probably follow an allow-list, where only specific, known schemes are allowed and operated on (e.g. http,https, gemini,mailto, etc)
javascript:
http
https
gemini
mailto
Elaho will execute Javascript if when a user clicks a standard Gemtext link (
=> javascript:alert(555) hello!
)This is similar to issue #41
Expected behavior: Elaho should not execute JavaScript found in
javascript:
URIs. URL schemes should probably follow an allow-list, where only specific, known schemes are allowed and operated on (e.g.http
,https
,gemini
,mailto
, etc)