mention not just a problem for Vector
This commit is contained in:
parent
efc5462131
commit
e06caa9ca1
|
@ -26,7 +26,7 @@ Important Security Note
|
||||||
We do not recommend running Vector from the same domain name as your Matrix
|
We do not recommend running Vector from the same domain name as your Matrix
|
||||||
homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities
|
homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities
|
||||||
that could occur if someone caused Vector to load and render malicious user generated
|
that could occur if someone caused Vector to load and render malicious user generated
|
||||||
content from a Matrix API which then had trusted access to Vector due
|
content from a Matrix API which then had trusted access to Vector (or other apps) due
|
||||||
to sharing the same domain.
|
to sharing the same domain.
|
||||||
|
|
||||||
We have put some coarse mitigations into place to try to protect against this situation,
|
We have put some coarse mitigations into place to try to protect against this situation,
|
||||||
|
|
Loading…
Reference in New Issue