> You forgot to read the sentence before that Oh, yes, I did, sorry! I thought this was found in production code. I do support them publishing this and like I said: The code is audited to find exactly these kinds of…
So, the audit found (among other minor things) a pretty standard XSS vulnerability (on page 7) and lots of usages of `.innerHTML` which has been considered an insecure coding practice for eons. While errors always…
> You forgot to read the sentence before that Oh, yes, I did, sorry! I thought this was found in production code. I do support them publishing this and like I said: The code is audited to find exactly these kinds of…
So, the audit found (among other minor things) a pretty standard XSS vulnerability (on page 7) and lots of usages of `.innerHTML` which has been considered an insecure coding practice for eons. While errors always…