From e06caa9ca12a529460ba3d076c7c8c0cc8dcc8a3 Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Sat, 27 Aug 2016 00:13:56 +0100 Subject: [PATCH] mention not just a problem for Vector --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 85218394..0dc17b90 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Important Security Note We do not recommend running Vector from the same domain name as your Matrix homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Vector to load and render malicious user generated -content from a Matrix API which then had trusted access to Vector due +content from a Matrix API which then had trusted access to Vector (or other apps) due to sharing the same domain. We have put some coarse mitigations into place to try to protect against this situation,