Current Implementation of Theme Plugin can Cause Critical Security Concern
stanleyowen opened this issue · comments
Stanley Owen commented
Description
The theme customization allows user to configure the theme dynamically, however it also allow hackers to inject malicious code which may cause critical security issue.
Steps To Reproduce
- Edit the theme file (*.js)
- Insert script such as
document.body.innerHTML = '';
- Run the script
Expected behavior
Users are able to customize the theme (via another approaches) without having any security concerns.
Xplorer Version
v0.1.0
Operating System Version
Windows 11 Version 21H2 (Build 22000.258)
Additional Information
It will be better if users could customize the theme via GUI like how windows 11 implement it.