YunoHost-Apps/element_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/element_ynh.git synced 2024-09-03 18:36:08 +02:00
Code Issues Activity Actions

Update ADMIN.md

Browse source
This commit is contained in:
ericgaspar 2023-02-15 07:41:31 +01:00
parent ec68d12bfe
commit 63c8872c63
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/ADMIN.md
View file

@ -1,5 +1,5 @@
Important Security Note
### Important Security Note
We do not recommend running Element from the same domain name as your Matrix homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain.
We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See vector-im/element-web#1977 for more details.
We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See https://github.com/vector-im/riot-web/issues/1977 for more details.