Currently, to avoid cross-domain rules, embedded content on the wiki is copied via a PHP script and run in the page. This means any untrusted scripts on other parts of wetfish could lead to XSS vulnerabilities in the wiki.
To avoid this, iframes should be used to embed content, and the frames would automatically resize using post messages.
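One way the resize messaging proposed above could be handled, as an added example that is not wetfish's own code. The two origins, the `iframe.embed` selector and the `{type, height}` message shape are assumptions made for illustration.

```javascript
// Hypothetical origins: where the wiki is served and where embedded content is served.
const WIKI_ORIGIN = "https://wiki.example";
const EMBED_ORIGIN = "https://embed.example";
const MIN_HEIGHT = 50, MAX_HEIGHT = 5000; // clamp so a frame cannot cover the page

// Embedded page: report its height to the wiki only, never to "*".
function reportHeight(parentWindow, doc) {
  const height = doc.documentElement.scrollHeight;
  parentWindow.postMessage({ type: "resize", height }, WIKI_ORIGIN);
}

// Wiki page: validate one message event. Returns {frame, height} or null.
function validateResize(event, knownFrames) {
  // 1. Accept messages only from the origin that hosts embedded content.
  if (event.origin !== EMBED_ORIGIN) return null;
  // 2. Accept messages only from a window this page actually embedded.
  const frame = knownFrames.find((f) => f.contentWindow === event.source);
  if (!frame) return null;
  // 3. Treat the payload strictly as data: a plain object with a finite number.
  const data = event.data;
  if (typeof data !== "object" || data === null || data.type !== "resize") return null;
  if (typeof data.height !== "number" || !Number.isFinite(data.height)) return null;
  const height = Math.min(MAX_HEIGHT, Math.max(MIN_HEIGHT, Math.round(data.height)));
  return { frame, height };
}

// Apply a validated resize; returns true when the message was accepted.
function onMessage(event, knownFrames) {
  const result = validateResize(event, knownFrames);
  if (!result) return false;
  result.frame.style.height = result.height + "px";
  return true;
}

// Browser wiring (skipped when run outside a page).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const frames = Array.from(document.querySelectorAll("iframe.embed"));
  window.addEventListener("message", (e) => onMessage(e, frames));
}
```

The handler only ever writes a clamped number into `style.height`, so nothing sent by the embedded page is interpreted as markup or script in the wiki's own origin.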