kimlimjustin / xplorer

Xplorer, a customizable, modern file manager

Home Page: https://xplorer.space/

Current Implementation of Theme Plugin can Cause Critical Security Concern

stanleyowen opened this issue · comments

Description

The theme customization allows users to configure the theme dynamically; however, it also allows hackers to inject malicious code, which may cause a critical security issue.

Steps To Reproduce

  1. Edit the theme file (*.js)
  2. Insert a script such as document.body.innerHTML = '';
  3. Run the script

Expected behavior

Users are able to customize the theme (via another approach) without having any security concerns.

Xplorer Version

v0.1.0

Operating System Version

Windows 11 Version 21H2 (Build 22000.258)

Additional Information

It will be better if users could customize the theme via a GUI, like how Windows 11 implements it.
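
One way to meet the expected behavior described in the issue, shown as an added example (not Xplorer's code and not part of the original issue): load the theme as JSON data and allow-list its keys and values instead of executing a *.js file. The JSON theme format, the key names and the function name are assumptions made for illustration.

```javascript
// Added example: treat a theme as untrusted data, never as code.
// ALLOWED_KEYS is a hypothetical schema, not Xplorer's real theme keys.
const ALLOWED_KEYS = new Set(["mainBackground", "textColor", "accentColor", "fontSize"]);

// Accept only hex colors and simple px/rem lengths. Anything containing
// ';', '}', url(...), or other CSS/JS syntax fails this pattern.
const SAFE_VALUE =
  /^(#(?:[0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})|\d{1,3}(\.\d+)?(px|rem))$/;

function parseTheme(jsonText) {
  let raw;
  try {
    // JSON.parse only builds data; unlike require() or eval() it runs no code.
    raw = JSON.parse(jsonText);
  } catch {
    return { ok: false, errors: ["theme is not valid JSON"], vars: {} };
  }
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) {
    return { ok: false, errors: ["theme must be a JSON object"], vars: {} };
  }
  const errors = [];
  const vars = {};
  for (const [key, value] of Object.entries(raw)) {
    if (!ALLOWED_KEYS.has(key)) {
      errors.push(`unknown key: ${key}`);
    } else if (typeof value !== "string" || !SAFE_VALUE.test(value)) {
      errors.push(`rejected value for ${key}`);
    } else {
      // In the UI these would be applied one by one with
      // element.style.setProperty(name, value), never via innerHTML.
      vars[`--${key}`] = value;
    }
  }
  return { ok: errors.length === 0, errors, vars };
}

// Constructed sample inputs.
const goodTheme = '{"mainBackground":"#1e1e1e","textColor":"#fff","fontSize":"14px"}';
const badTheme =
  '{"textColor":"red;} body{display:none","onload":"document.body.innerHTML=\'\'"}';

console.log(parseTheme(goodTheme));
console.log(parseTheme(badTheme));
```

With this shape, the script from the reproduction steps is rejected as invalid JSON, and a theme file can only change the values of known style variables.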