You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Yikes! I'm so embarrassed. My patch fails to resolve the XSS/Open-Redirect vulnerability. This second patch will fix it, and I've done much testing to confirm it. Please understand my mistake and implement this into the repository.
Dear @lsegal,
I apologize for the oversight regarding your library's XSS and Open-Redirect vulnerabilities. I acknowledge and accept full responsibility for this lapse in judgment. It was a regrettable mistake, and I deeply regret any inconvenience or concern it may have caused. My failure to patch these vulnerabilities thoroughly may have ended your trust in me. I understand the gravity of this situation and the impact it may have had on our professional relationship. Please know that I am genuinely remorseful and committed to rectifying the situation to the best of my abilities. In light of this, I have taken steps to address the vulnerabilities and have provided a suggested pull request (PR) for your consideration. Given the circumstances, I understand if you consider this suggestion with caution, and I respect your decision either way. Moving forward, I am dedicated to implementing more rigorous testing protocols to prevent such oversights in the future. Once again, I extend my deepest apologies for any inconvenience or disappointment caused. I am available to talk about this more whenever you get a chance and to collaborate on any necessary steps to ensure the security and integrity of your library. Thank you for your understanding and patience.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Yikes! I'm so embarrassed. My patch fails to resolve the XSS/Open-Redirect vulnerability. This second patch will fix it, and I've done much testing to confirm it. Please understand my mistake and implement this into the repository.
Proof-Of Concept
See the following pen for an example: https://codepen.io/Aviv-Keller/pen/mdgdmyW
#!:javascript:alert("XSS")Completed Tasks
bundle exec rakelocally (if code is attached to PR).