How we kindly asked our users to update their app via an XSS attack

Written by devbook | Published 2021/03/25
Tech Story Tags: programming | javascript | software-development | productivity | security | web-development | good-company | xss-attack

TL;DR: Devbook is a desktop app that allows developers to search Stack Overflow, official documentation, and code on GitHub. It's the first step in building a search engine for developers. We forgot to ship the auto-update functionality in the first version of Devbook. We injected our custom script into the onerror event listener on an <img> tag to show the update prompt. This means the HTML code isn't sanitized and we can use Electron's API to find out the version of the app.
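For an inline onerror handler to run and reach Electron's API, the renderer has to allow inline handlers and expose privileged APIs to page script. The check below is an added example, not Devbook's code: the helper names auditWebPreferences and cspBlocksInlineHandlers and both sample configurations are constructed here, and it assumes the window is configured through BrowserWindow webPreferences and a Content-Security-Policy string.

```javascript
'use strict';

// Renderer settings that decide what an injected inline handler can reach.
const RULES = [
  { key: 'nodeIntegration', safe: false, why: 'injected script gets require() and Node APIs' },
  { key: 'contextIsolation', safe: true, why: 'page script shares a context with preload code' },
  { key: 'sandbox', safe: true, why: 'renderer process is not sandboxed' },
  { key: 'webSecurity', safe: true, why: 'same-origin policy is disabled' },
];

// Returns one finding per setting that is unsafe or left to the version default.
function auditWebPreferences(prefs) {
  const findings = [];
  for (const { key, safe, why } of RULES) {
    if (!(key in prefs)) {
      findings.push(`${key}: not set explicitly (default depends on Electron version)`);
    } else if (prefs[key] !== safe) {
      findings.push(`${key}=${prefs[key]}: ${why}`);
    }
  }
  return findings;
}

// True when the policy stops inline handlers such as onerror= from running.
// Conservative: any 'unsafe-inline' in the governing directive counts as allowing them.
function cspBlocksInlineHandlers(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    const lower = name.toLowerCase();
    if (lower && !directives.has(lower)) directives.set(lower, values);
  }
  // Fallback chain that governs event-handler attributes.
  const effective = ['script-src-attr', 'script-src', 'default-src']
    .map((d) => directives.get(d))
    .find((v) => v !== undefined);
  if (effective === undefined) return false; // nothing restricts scripts
  return !effective.some((v) => v.toLowerCase() === "'unsafe-inline'");
}

// Constructed sample configurations.
const riskyPrefs = { nodeIntegration: true, contextIsolation: false };
const hardenedPrefs = {
  nodeIntegration: false, contextIsolation: true, sandbox: true, webSecurity: true,
};

console.log(auditWebPreferences(riskyPrefs));
console.log(cspBlocksInlineHandlers("default-src 'self'; img-src https:"));
```

Neither check replaces sanitizing the HTML before it is inserted into the page; they limit what a missed injection can do.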


Written by devbook | Devbook is a search engine for developers
Published by HackerNoon on 2021/03/25