Vulnerable to XSS
ngyikp opened this issue · comments
Inspired by https://twitter.com/_r3ggi/status/1265629984753844225
I did a quick check with <img src=1 onerror=document.documentElement.textContent=window.location>.ipa
and looks like the XSS works: