![]() ![]() ![]() Slack desktop on Windows, Production 4.29.Special characters in the header are escaped properly, and the title would show HashSet See HashSetType where Type is a broken link.Create an issue with title like HashSet.As a user, I'd expect the GitHub Slack bot to only link to the issue itself here. Then the resulting site requests the user to log in, and essentailly performs a MITM attack. For instance, you could create a link that seems like a PR title, but unexpectedly points to site other than GitHub: for instance would look like a link to an issue. This also has a minor security impact: you can replace the whole PR title and redirect user to another site. Many other formatting characters like * and ~ seem to be escaped correctly. Some special characters in PR titles are escaped.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |