XSS exploit documentation is outdated #89

Open
agardnerIT opened this issue Oct 1, 2024 · 1 comment
Labels
bug Something isn't working documentation Improvements or additions to documentation

Comments

@agardnerIT

The XSS exploit documentation reads like:

  • I log in as user1, e.g. admin, and add the <button> to my profile
  • I am redirected back to my profile and shouldn't see the button
  • A different user, e.g. user2, visits my profile and can see the button

However, at step 2, I can see my own button?


@agardnerIT agardnerIT added the bug Something isn't working label Oct 1, 2024
@W3D3
Contributor

W3D3 commented Oct 3, 2024

Good catch, you're right, the docs are outdated.
Previously you would just see your bio in the text field to edit and it would not get rendered.
We silently changed that a while ago because it was so annoying to switch users to show off the XSS / see how the bio gets rendered.

@W3D3 W3D3 changed the title XSS exploit documentation correct? XSS exploit documentation is outdated Oct 3, 2024
@W3D3 W3D3 added the documentation Improvements or additions to documentation label Oct 21, 2024