ThunderSon

Results 92 comments of ThunderSon

So currently the PR is not activating the workflow successfully because of the token. To summarize the difference between PR and PRT: - `pull_request` -> grab the token from the...

I don't mind reviewing if you're up for the task. Otherwise, let me know if I can help in any other way.

The password is `anonymous@`

Hello! What's the status on this? #1402 follows on to add PKCE which is engulfed by this issue. The RFC update mentioned in here mainly discusses native apps, and discusses...

Hmmm, then this issue shall handle the technical knowledge, and the 1402 will handle the intent catcher **app**. I'd say to update the other issue a bit to just say...

Allow me to chime in. APIs are the main orchestrator for the type that gets returned. What the issue should clearly say is that "The client should not parse the...

I am tilted more towards the CSP solution: 1. Pushes for the adoption of CSP 2. If something is to look bad, it feels better contained in the browser 3....

This just came in today: https://portswigger.net/daily-swig/epub-vulnerabilities-electronic-reading-systems-riddled-with-browser-like-flaws Exactly what we are discussing, if we want to consider the endpoint returning the content to be our API at hand.

I'm going to use digits for every bit you're tackling so we can discuss them more easily: 1. _JS injection_: Agreed 2. _JSON injection_: then the requirements should be elevated to...

wake up @kingthorin rbsec just created a new page 🔥 Had to use the meme template haha. I'll be reviewing this very soon/shortly! Thanks for sending it in :)