You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To reproduce this, the site must be served by a "real" webserver. With hugo server this issue is not reproducable.
If you have nodejs installed, you can reproduce it by generating your site with hugo and afterwards serving the content of your build with npx serve
If you load the URL http://localhost:5000/asdf'onmouseover='alert(origin)'/%2f../ in your browser, a hover over a headings copy-to-clipboard icon will open a message box.
To reproduce this, the site must be served by a "real" webserver. With
hugo server
this issue is not reproducable.If you have nodejs installed, you can reproduce it by generating your site with
hugo
and afterwards serving the content of your build withnpx serve
If you load the URL
http://localhost:5000/asdf'onmouseover='alert(origin)'/%2f../
in your browser, a hover over a headings copy-to-clipboard icon will open a message box.Thanks to @andrucha97 for pointing this out.
The text was updated successfully, but these errors were encountered: