XSS to RCE - re-opened #26

Open
silviavali opened this issue Dec 5, 2017 · 1 comment

@silviavali

Hello,

Why would you close an issue, without any information on the decision why you have marked it invalid?
#25

You have a nice blog post about the electron-markdownify, and I think it is a good application. It would be a pity if you just leave the security issue in there and allow people to keep using it.

Please do check the security checklist for Electron to be aware of the consequences of code execution in Electron applications due to XSS.
https://www.blackhat.com/docs/us-17/thursday/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf

In 90 days I'd disclose information on the issue, so I'm hoping for your collaboration in fixing the issue prior.

Thanks

@amitmerchant1990
Owner

Hey @silviavali

Please send the report to [email protected]
I'll take a look at it and will try to fix the same. Sorry for the very late follow up.

Thanks!
