anubis-mirror/lib/anubis_test.go at b729adc6cbf78a1ae0daaf1db1ac12fb05d87200

mirror of https://github.com/TecharoHQ/anubis.git synced 2026-04-25 09:32:43 +00:00

Files

T

Xe Iaso a0a6b3f147 fix(lib): block XSS attacks via nonstandard URLs

This could allow an attacker to craft an Anubis pass-challenge URL that
forces a redirect to nonstandard URLs, such as the `javascript:` scheme
which executes arbitrary JavaScript code in a browser context when the
user clicks the "Try again" button.

Release-status: cut
Signed-off-by: Xe Iaso <me@xeiaso.net>

2025-07-24 13:54:33 +00:00

22 KiB

Raw Blame History

View Raw

22 KiB Raw Blame History

22 KiB

Raw Blame History