CKEditor 4.5.11 released: a WYSIWYG HTML editor
Fixed the target="_blank" vulnerability reported by James Gaskell.

Issue summary: If a victim had access to a spoofed version of ckeditor.com via HTTP (e.g. due to DNS spoofing, using a hacked public network or malicious hotspot), then when using a link to the ckeditor.com website it was possible for the attacker to change the current URL of the opening page, even if the opening page was protected with SSL.
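A common mitigation for this class of issue is `rel="noopener noreferrer"` on links that open a new tab, which leaves `window.opener` null in the opened page. The following is an added example, not CKEditor's code or its actual fix: it audits and hardens anchors in an HTML string, with function names and sample markup constructed for illustration, and assumes no `>` inside attribute values.

```javascript
// Added example: audit <a target="_blank"> tags and add rel="noopener noreferrer".
// Regex-based so it runs without a DOM; assumes no ">" inside attribute values.
const ANCHOR_RE = /<a\b[^>]*>/gi;
const REL_RE = /\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i;

// Value of one attribute in an opening tag, or null when the attribute is absent.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// True when the link opens a new tab that can still reach window.opener.
// noreferrer implies noopener, so either token is enough to be safe.
function isExposed(tag) {
  if ((getAttr(tag, 'target') || '').toLowerCase() !== '_blank') return false;
  const rel = (getAttr(tag, 'rel') || '').toLowerCase().split(/\s+/);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Return the tag with both tokens merged into rel, keeping existing tokens.
function hardenTag(tag) {
  if (!isExposed(tag)) return tag;
  const rel = getAttr(tag, 'rel');
  const tokens = (rel || '').split(/\s+/).filter(Boolean);
  const relAttr = ` rel="${[...tokens, 'noopener', 'noreferrer'].join(' ')}"`;
  return rel !== null ? tag.replace(REL_RE, () => relAttr)
                      : tag.replace(/\s*>$/, () => `${relAttr}>`);
}

// Rewrite every anchor in the markup and report the ones that were exposed.
function hardenHtml(html) {
  const findings = [];
  const fixed = html.replace(ANCHOR_RE, (tag) => {
    if (isExposed(tag)) findings.push(tag);
    return hardenTag(tag);
  });
  return { fixed, findings };
}

// Constructed sample markup (not taken from CKEditor).
const SAMPLE = [
  '<a href="http://example.com/" target="_blank">plain</a>',
  '<a href="http://example.com/" target="_blank" rel="nofollow">has rel</a>',
  '<a href="http://example.com/" target="_blank" rel="noopener">safe</a>',
  '<a href="/local">same tab</a>',
].join('\n');
const result = hardenHtml(SAMPLE);
console.log(`${result.findings.length} exposed link(s)\n${result.fixed}`);
```

The `findings` array can feed a template or content audit, while `fixed` is the markup to serve.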