Impact
Inline scripts are executed when JavaScript is parsed via a paste action, for example by pasting
<img src=null onerror=alert('hello')>
into the chat field.
Patches
Will be patched in 0.0.9 by blocking unsafe-inline in the Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player.
For more information
If you have any questions or comments about this advisory:
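The policy change described under Patches can be checked mechanically. The following is an added example, not code from the advisory or the project: it audits a Content-Security-Policy header value for the two properties named there, that arbitrary inline event handlers (such as the onerror attribute above) are blocked and that blob workers remain allowed. The function names, the sample policies and the 'self' source are assumptions.

```javascript
// Parse a Content-Security-Policy header value into Map(directive -> sources).
// Everything is lowercased because only keywords and schemes are compared.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored by browsers: the first one wins.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// Source list of the first directive in the fallback chain that the policy
// defines, or null when none of them is present.
function effective(policy, chain) {
  const name = chain.find((d) => policy.has(d));
  return name ? policy.get(name) : null;
}

// CSP3 rule: 'unsafe-inline' only takes effect when the list carries no
// nonce, hash or 'strict-dynamic' source. No governing directive at all
// means nothing is blocked.
function allowsAllInline(sources) {
  if (sources === null) return true;
  if (sources.some((s) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s))) return false;
  return sources.includes("'unsafe-inline'");
}

function auditCsp(header) {
  const policy = parseCsp(header);
  // Inline event handlers such as onerror= are governed by script-src-attr,
  // then script-src, then default-src.
  const attr = effective(policy, ['script-src-attr', 'script-src', 'default-src']);
  // Workers are governed by worker-src, then child-src, script-src, default-src.
  const worker = effective(policy, ['worker-src', 'child-src', 'script-src', 'default-src']);
  return {
    inlineHandlersBlocked: !allowsAllInline(attr),
    // '*' does not match the blob: scheme, so it has to be listed explicitly.
    blobWorkersAllowed: worker === null || worker.includes('blob:'),
  };
}

// Constructed sample policies; the 'self' source is an assumption.
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline'";
const FIXED = "script-src 'self'; worker-src blob:";
console.log(auditCsp(WEAK), auditCsp(FIXED));
```

A policy that passes both checks still has to be served on every response that renders the chat, since a page delivered without the header falls back to no restriction.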