githubber
### Summary Validate user-supplied external URLs (http/https only) and guard all window.open calls with scheme checks and `noopener,noreferrer`. ### Motivation Unvalidated external URLs could allow `javascript:`/`data:` schemes to execute when...
### Summary Escape dynamic meta tag content in server-side HTML rewriting to prevent XSS. ### Root cause User-controlled title/description were injected into and via raw string replacement without escaping, allowing...
### Account URL https://marqov.1password.com/ ### Non-commercial confirmation - [x] No, this account won't be used for commercial activity ### Team application - [x] Yes, this application is for a team...