Skip to content
This repository was archived by the owner on May 12, 2026. It is now read-only.

Fix XSS vulnerability after PDF export (issue #3178)#3192

Merged
Rokt33r merged 1 commit into
BoostIO:masterfrom
AWolf81:fix-xss-pdf-issue
Aug 24, 2019
Merged

Fix XSS vulnerability after PDF export (issue #3178)#3192
Rokt33r merged 1 commit into
BoostIO:masterfrom
AWolf81:fix-xss-pdf-issue

Conversation

@AWolf81

@AWolf81 AWolf81 commented Jul 31, 2019

Copy link
Copy Markdown
Contributor

Description

Disabled Javascript in the hidden printout electron window. We're currently not using Javascript in that Window, so it's OK to disable it.

If we would require JS later, we could also do sandboxing. But disabling is OK for now.

Issue fixed

#3178

Type of changes

  • 🔘 Bug fix (Change that fixed an issue)
  • ⚪ Breaking change (Change that can cause existing functionality to change)
  • ⚪ Improvement (Change that improves the code. Maybe performance or development improvement)
  • ⚪ Feature (Change that adds new functionality)
  • ⚪ Documentation change (Change that modifies documentation. Maybe typo fixes)

Checklist:

  • 🔘 My code follows the project code style
  • ⚪ I have written test for my code and it has been tested
  • 🔘 All existing tests have been passed
  • ⚪ I have attached a screenshot/video to visualize my change if possible
@AWolf81 AWolf81 changed the title Fix XSS vunerability after PDF export (issue #3178) Jul 31, 2019
@Flexo013 Flexo013 added the awaiting review ❇️ Pull request is awaiting a review. label Aug 1, 2019

@ZeroX-DG ZeroX-DG left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works fine on my machine 🎉

@ZeroX-DG ZeroX-DG added approved 👍 Pull request has been approved by sufficient reviewers. needs extra review 🔎 Pull request requires review from an additional reviewer. and removed awaiting review ❇️ Pull request is awaiting a review. approved 👍 Pull request has been approved by sufficient reviewers. labels Aug 2, 2019
@ZeroX-DG ZeroX-DG requested a review from Rokt33r August 2, 2019 23:51
@Rokt33r Rokt33r removed the needs extra review 🔎 Pull request requires review from an additional reviewer. label Aug 24, 2019
@Rokt33r Rokt33r added this to the v0.13.0 milestone Aug 24, 2019
@Rokt33r Rokt33r merged commit 857e755 into BoostIO:master Aug 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

4 participants