cassette icon indicating copy to clipboard operation
cassette copied to clipboard

Published 20 hours ago verified publisher icon vinz243

Security issue: reading tracker credentials by subscribing to tracker events

Open vinz243 opened this issue 7 years ago • 0 comments

It's currently possible to listen to tracker events, such as model::willupdate::tracker::* and then fetch trackers credentials. This needs to get fixed before 1.0 by:

  • Adding a flag to state, disableEvents: true that will prevent events.
  • Add a writeOut props to state which contains a list of props that should get written out before displaying.

vinz243 avatar Apr 27 '17 18:04 vinz243