Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(security): remove XSS vulnerability in
returnUrl
query param
The `returnUrl` query parameter can be used to execute malicious code. For example, visiting `http://localhost:9876/?return_url=javascript:alert(document.domain)` will display an alert.
- Loading branch information