mention not just a problem for Vector

This commit is contained in:
Matthew Hodgson 2016-08-27 00:13:56 +01:00
parent efc5462131
commit e06caa9ca1
1 changed files with 1 additions and 1 deletions

View File

@ -26,7 +26,7 @@ Important Security Note
We do not recommend running Vector from the same domain name as your Matrix We do not recommend running Vector from the same domain name as your Matrix
homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities
that could occur if someone caused Vector to load and render malicious user generated that could occur if someone caused Vector to load and render malicious user generated
content from a Matrix API which then had trusted access to Vector due content from a Matrix API which then had trusted access to Vector (or other apps) due
to sharing the same domain. to sharing the same domain.
We have put some coarse mitigations into place to try to protect against this situation, We have put some coarse mitigations into place to try to protect against this situation,