CraSSh vulnerability?


(Markus) #1

Hi guys,
does someone know about CraSSh vulnerability of Discourse? Is this issue only a browser-side bug or is there any potential risk for modern web services like Discourse?

https://cras.sh/

Is there any recommendable security analysis site, to detect current issues by any kind of security issues? Like Qualys SSL Labs test?

Best!


(Kris) #2

This is limited to being browser-side unless you allow users to edit/add CSS (Discourse doesn’t allow it).