@micahlt oh wow this is unbelievable who could have forseen this
…foreseen what?
I exposed the app object.
Oh sorry, the image wasn't loading. Okay, so did you do it in a way that could be done via XSS?
No. But I might be able to in the future. You should add an option for a developer mode that enables this, and exposes send message and onmessage functions.
…foreseen what?
I exposed the app object.
Oh sorry, the image wasn't loading. Okay, so did you do it in a way that could be done via XSS?
No. But I might be able to in the future. You should add an option for a developer mode that enables this, and exposes send message and onmessage functions.