forked from matrix/element-web
mention not just a problem for Vector
This commit is contained in:
parent
efc5462131
commit
e06caa9ca1
|
@ -26,7 +26,7 @@ Important Security Note
|
|||
We do not recommend running Vector from the same domain name as your Matrix
|
||||
homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities
|
||||
that could occur if someone caused Vector to load and render malicious user generated
|
||||
content from a Matrix API which then had trusted access to Vector due
|
||||
content from a Matrix API which then had trusted access to Vector (or other apps) due
|
||||
to sharing the same domain.
|
||||
|
||||
We have put some coarse mitigations into place to try to protect against this situation,
|
||||
|
|
Loading…
Reference in New Issue