Unexpected hyperlink in README.md preview #360

Open
backcover7 opened this issue Nov 16, 2021 · 0 comments

Some git repos will insert an internal hyperlink that points to a file of the repo, for example: somefile
But astral concatenates the internal hyperlink as a URL path with the domain name of astralapp.

You can try to add links like the following into the README.md.
export

signout

revoke

Then click the link in the preview part of the astral app; in the end you will access the internal API of astralapp and do something unexpected. I tried to add the link for "DELETE ACCOUNT" to make things more critical, but the DELETE ACCOUNT API uses the DELETE method for its HTTP request. So it's not a big deal in the security field, but it's actually an unexpected design.
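One way a README preview can avoid the behaviour reported above, as an added example that is not part of the original issue or the project's own code: relative hrefs are resolved against the repository on GitHub instead of the previewing app, and anything that escapes the repository is clamped to the repository root. The origin `https://app.example`, the repository `octo/demo`, the function names and the sample hrefs are constructed assumptions.

```javascript
// Added example. APP_ORIGIN is a placeholder for the previewing app's origin.
const APP_ORIGIN = "https://app.example";

// Behaviour described in the issue: a relative README href is joined to the
// app's own origin, so it can land on one of the app's GET routes.
function resolveAgainstApp(href) {
  return new URL(href, APP_ORIGIN).href;
}

// Hardened resolution: relative hrefs belong to the repository, not the app.
// Returns an absolute URL, the unchanged "#anchor", or null for a rejected scheme.
function resolveReadmeLink(href, repoFullName, branch) {
  const repoRoot = `https://github.com/${repoFullName}/`;
  const base = `${repoRoot}blob/${branch}/`;

  if (href.startsWith("#")) return href; // in-page anchor, nothing to resolve

  let url;
  if (/^[a-z][a-z0-9+.-]*:/i.test(href) || href.startsWith("//")) {
    // Absolute or protocol-relative link: keep it, but only for safe schemes.
    try { url = new URL(href, "https://github.com"); } catch { return null; }
    return ["http:", "https:", "mailto:"].includes(url.protocol) ? url.href : null;
  }

  // Root-relative ("/x") and plain relative ("x") hrefs are both treated as
  // paths inside the repository at the given branch.
  const rel = href.replace(/^\/+/, "");
  try { url = new URL(rel, base); } catch { return null; }

  // "../" runs or backslash tricks may climb out of the repo: clamp them.
  return url.href.startsWith(base) ? url.href : repoRoot;
}

// Constructed sample hrefs, one per case handled above.
const samples = ["/signout", "docs/setup.md", "../../../signout", "#usage"];
for (const href of samples) {
  console.log(href, "->", resolveReadmeLink(href, "octo/demo", "main"));
}
```

Fixing link resolution does not replace server-side protection: routes that change state should still refuse plain GET navigation.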
