You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This means that links of the form, "//example.com/nasty.js" will always be accepted, essentially allowing links to whatever scheme to host page is served over. In practice, this means it's possible to link to http(s) content even if neither 'http' not 'https' are in allowedSchemes / allowedSchemesByTag.
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This means that links of the form, "//example.com/nasty.js" will always be accepted, essentially allowing links to whatever scheme to host page is served over. In practice, this means it's possible to link to http(s) content even if neither 'http' not 'https' are in allowedSchemes / allowedSchemesByTag.
The text was updated successfully, but these errors were encountered: