Varun Srinivasan
@v
@nickcherry uncovered a gnarly js issue while trying to lift same-origin restrictions on frame redirects. it appears unsafe to open a new browser window with an unsanitized url. if the url was javascript:console.log("wowow"), it executes inside the current sandbox, not the new window!
1 reply
0 recast
12 reactions

Varun Srinivasan
@v
this seems to happen if you use window-location-href or window-open in major browsers. it does not appear to affect <a> tags as badly. the impact on react native environments is also not clear at this point.
2 replies
0 recast
0 reaction

Nick Cherry
@nickcherry
RN is immune for the record, what a champ
0 reply
0 recast
0 reaction
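
Added example, not part of the thread or of any participant's code: a scheme allow-list applied to an untrusted redirect URL before it reaches window.open or location.href, so the javascript: case described above is rejected instead of executed. The names safeNavigationTarget and openExternal, the base https://app.example/ and the http/https allow-list are assumptions made for illustration.

```javascript
// Schemes a redirect is allowed to use (assumed policy: web links only).
const ALLOWED_PROTOCOLS = new Set(["https:", "http:"]);

// Returns a normalized absolute URL that is safe to navigate to, or null.
// Parsing with the WHATWG URL parser (the one browsers use) matters: it
// strips leading whitespace and embedded tabs/newlines and lowercases the
// scheme, so "JaVa\nscript:" is seen as "javascript:" here exactly as the
// browser would see it. A string prefix check on the raw input misses those.
// `base` is a hypothetical app origin used to resolve relative redirects.
function safeNavigationTarget(raw, base = "https://app.example/") {
  if (typeof raw !== "string") return null;
  let parsed;
  try {
    parsed = new URL(raw, base);
  } catch {
    return null; // unparseable input is never navigated to
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null;
  return parsed.href; // navigate to the parsed form, not the raw string
}

// Hypothetical wrapper to call instead of window.open(rawUrl).
// `opener` is injectable so the function can be exercised outside a browser.
function openExternal(raw, opener = globalThis.window) {
  const target = safeNavigationTarget(raw);
  if (target === null) return false;
  opener.open(target, "_blank", "noopener,noreferrer");
  return true;
}

// Constructed sample inputs (not taken from the thread, except the first).
const SAMPLES = [
  'javascript:console.log("wowow")',
  " \tJaVaScRiPt:console.log(1)",
  "java\nscript:console.log(1)",
  "data:text/html,hello",
  "https://example.com/frame?x=1",
  "/next",
];

// Maps each sample to the URL that would be opened, or null if blocked.
function classify(samples = SAMPLES) {
  return samples.map((s) => safeNavigationTarget(s));
}
```

This checks only the scheme; whether a given http(s) destination should be allowed is a separate policy decision.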