From 758f43e593245610eab43a8cd409509dd1a7353b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 24 Jan 2023 10:06:47 +0100 Subject: [PATCH] Update DISCLAIMER.md --- doc/DISCLAIMER.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 22d6e95..fde090f 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -9,7 +9,7 @@ This application support the SSO. If you want to use the SSO, you need to define ### Important Security Note We do not recommend running Element from the same domain name as your Matrix -homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting) +homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain.