sophie/nuke
1
0
Fork 0
Code Packages 1 Activity Actions
nuke/.github
History
Xe Iaso d40e9056bc
fix(lib): block XSS attacks via nonstandard URLs (#904) 
* fix(lib): block XSS attacks via nonstandard URLs

This could allow an attacker to craft an Anubis pass-challenge URL that
forces a redirect to nonstandard URLs, such as the `javascript:` scheme
which executes arbitrary JavaScript code in a browser context when the
user clicks the "Try again" button.

Release-status: cut
Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-07-24 14:05:00 +00:00
..
actions/spelling fix(lib): block XSS attacks via nonstandard URLs (#904) 2025-07-24 14:05:00 +00:00
workflows build(deps): bump the github-actions group with 2 updates (#871) 2025-07-20 20:54:50 -04:00
dependabot.yml dependabot: enable (#189) 2025-04-02 00:09:46 -04:00
FUNDING.yml .github/funding: add GitHub sponsors 2025-04-17 23:48:36 -04:00
PULL_REQUEST_TEMPLATE.md move pull request template to a hidden folder 2025-04-07 17:36:29 -04:00
zizmor.yml zizmor: add config file to silence unpinned-uses of Homebrew/actions (#441) 2025-05-05 01:22:36 +00:00