You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SamuelHassine opened this issue
Apr 10, 2024
· 2 comments
· Fixed by #8591
Assignees
Labels
buguse for describing something not working as expectedsolveduse to identify issue that has been solved (must be linked to the solving PR)uifor scope limited to UI change
Even though there's a confirmation pop up that appears when trying to click on the URL, it seems indeed safer to avoid making it clickable and instead let the user copy/pasting the url if the user wishes to navigate to the url.
Same security issue with "default descriptions" associated to indicators created from the option "Create an indicator from this observable".
Example: Create an observable of type "Domain" with a value like "www.mydomain.com" and select "Create an indicator from this observable". On the newly created indicator, the value of the domain is clickable in the description.
: `Simple indicator of observable {${indicatorName}}`,
I think it would be better to delete this default description.
Jipegien
changed the title
When having a trigger covering URLs, URL is clickable in the notification
When having a trigger covering URLs or an Indicator genreated from an URL Observable, URL is clickable in the notification or the description
Jun 13, 2024
buguse for describing something not working as expectedsolveduse to identify issue that has been solved (must be linked to the solving PR)uifor scope limited to UI change
Description
When having a trigger covering URLs, URL is clickable in the notification
This can be malicious!
=> In the notification content, continue to parse markdown, but put an exception on URL automatic parsing.
The text was updated successfully, but these errors were encountered: