You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Due to the eval-like nature of this module, it's possible for externally fetched templates to introduce cross-site-scripting exploits.
To fix this, check the domain of the fetch URL against the site domain. Throw if they don't match. Alternatively, add a param called safe (default true) that -- when set to false -- will allow loading templates from other domains.
Changes
add throw if domain-other-than-origin
add 'safe' param to circumvent the check when set to false
The text was updated successfully, but these errors were encountered:
Due to the eval-like nature of this module, it's possible for externally fetched templates to introduce cross-site-scripting exploits.
To fix this, check the domain of the fetch URL against the site domain. Throw if they don't match. Alternatively, add a param called safe (default true) that -- when set to false -- will allow loading templates from other domains.
Changes
The text was updated successfully, but these errors were encountered: