NDevTK
NDevTK
A similar issue looks to exist with `document.referrer` leaks even with ``
Looks WAI per https://issues.chromium.org/40707801 although if baseURI every does get restricted might be worth looking into.
I think a hint box should be used here https://xsleaks.dev/docs/contributions/ There's also a message about this in https://xsleaks.dev/docs/attacks/navigations/#partitioned-http-cache-bypass Maybe tell people why the header is needed and why it's not...
The issue is that its not `their own` its `https://docs.flutter.dev` which is cross-site to the attackers page.
Popups are allowed by default in most browsers after user activation such as a click. (Avoids a website being able to spam the user with popups) In its self maybe...
I don't plan to work on this due to not being multilingual, help wanted :)
It should be secure by default :/ Reminds me of https://blog.mattbierner.com/vscode-webview-web-learnings/#sandbox Fix is https://github.com/microsoft/vscode/commit/c569182d081410046ee6e6938e960d1e83063612 which requires a server.