How we kindly asked our users to update their app via an XSS attack

by @devbook

Too Long; Didn't Read

Devbook is a desktop app that lets developers search Stack Overflow, official documentation, and code on GitHub. It's the first step in building a search engine for developers. We forgot to ship auto-update functionality in the first version of Devbook. To get an update prompt in front of users anyway, we injected our own script through the onerror event handler of an <img> tag in content the app renders. That only worked because the app didn't sanitize that HTML, so the injected script ran with access to Electron's API and could find out which version of the app the user was running.
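The mechanism above is worth seeing in code, because the same unsanitized rendering path that let Devbook push an update prompt to its own users would let anyone who can get a string into a search result run code inside the app. The block below is an added example, not Devbook's code: it shows a hypothetical result renderer that concatenates untrusted text into markup, the img/onerror payload shape the post describes, and a hardened renderer that escapes every untrusted field and allows only http(s) links. The payload body, the field names, and the sample result are constructed for illustration; the `process.versions.electron` read inside the payload stands in for whatever Electron API call the injected script would make, and assumes a renderer where Node APIs are reachable (Electron's `nodeIntegration` setting). Nothing here touches a DOM, so it runs under plain Node.js.

```javascript
// Added example (not Devbook's code). Plain Node.js, no DOM required.

// Constructed sample input: a search-result title carrying the classic
// img/onerror payload. The handler body is a placeholder for the script the
// post describes; in an Electron renderer with nodeIntegration enabled,
// process.versions.electron and require('electron') are reachable from here.
const payloadTitle =
  '<img src="x" onerror="window.__appVersion = process.versions.electron">';

const sampleResult = {
  title: payloadTitle,
  url: 'https://stackoverflow.com/q/1',
};

// VULNERABLE: untrusted fields are dropped straight into markup. Any "<" or
// quote in the title or URL becomes live HTML, so onerror fires when the
// bogus image fails to load.
function renderResultUnsafe(result) {
  return `<li class="result"><a href="${result.url}">${result.title}</a></li>`;
}

// Escape the five characters that can open or close tags or attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Only http(s) links may become hrefs; anything else (javascript:, data:,
// unparseable) is replaced with an inert anchor.
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return '#';
  }
  return parsed.protocol === 'http:' || parsed.protocol === 'https:'
    ? escapeHtml(parsed.href)
    : '#';
}

// HARDENED: every untrusted field is escaped before insertion, so the payload
// is displayed as text rather than parsed as an element.
function renderResultSafe(result) {
  return `<li class="result"><a href="${safeHref(result.url)}">${escapeHtml(result.title)}</a></li>`;
}

// Rough check used only to show the difference between the two renderers:
// is there an element with an inline on*= handler attribute in the output?
function hasInlineHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Renders the constructed sample both ways and reports which output still
// contains a live event handler.
function compareRenderers(result = sampleResult) {
  const unsafe = renderResultUnsafe(result);
  const safe = renderResultSafe(result);
  return {
    unsafe,
    safe,
    unsafeHasHandler: hasInlineHandler(unsafe),
    safeHasHandler: hasInlineHandler(safe),
  };
}
```

Calling `compareRenderers()` returns both renderings; the unsafe one contains a real `<img ... onerror=...>` element, the hardened one shows the payload as literal `&lt;img ...` text. Escaping fixes the symptom, but in an Electron app the more important control is to keep the renderer from reaching Node and Electron APIs in the first place (disable `nodeIntegration`, enable `contextIsolation`, expose only what is needed through a preload script), so that a missed escape stays a cosmetic bug rather than code execution on the user's machine.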
