mirror of
https://github.com/SchildiChat/element-web.git
synced 2024-10-01 01:26:12 -04:00
mention not just a problem for Vector
This commit is contained in:
parent
efc5462131
commit
e06caa9ca1
@ -26,7 +26,7 @@ Important Security Note
|
|||||||
We do not recommend running Vector from the same domain name as your Matrix
|
We do not recommend running Vector from the same domain name as your Matrix
|
||||||
homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities
|
homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities
|
||||||
that could occur if someone caused Vector to load and render malicious user generated
|
that could occur if someone caused Vector to load and render malicious user generated
|
||||||
content from a Matrix API which then had trusted access to Vector due
|
content from a Matrix API which then had trusted access to Vector (or other apps) due
|
||||||
to sharing the same domain.
|
to sharing the same domain.
|
||||||
|
|
||||||
We have put some coarse mitigations into place to try to protect against this situation,
|
We have put some coarse mitigations into place to try to protect against this situation,
|
||||||
|
Loading…
Reference in New Issue
Block a user