mirror of
https://github.com/chylex/Nextcloud-News.git
synced 2025-04-25 20:15:47 +02:00
Add missing comma
Signed-off-by: Dario Cambié <dario.cambie@glasgow.ac.uk>
This commit is contained in:
parent
2eaf8c81ba
commit
066fe69219
@ -27,7 +27,7 @@ Since an attacker can not execute code in contrast to mixed active content, but
#### Why don't you simply use an HTTPS image/audio/video proxy
For the same reason that we can't fix non HTTPS websites: It does not fix the underlying issue but only silences it. If you are using an image HTTPS proxy, an attacker can simply attack your image proxy since the proxy fetches insecure content. **Even worse**: if your image proxy serves these images from the same domain as your Nextcloud installation you [are vulnerable to XSS via SVG images](https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf). In addition people feel safe when essentially they are not.
For the same reason that we can't fix non HTTPS websites: It does not fix the underlying issue but only silences it. If you are using an image HTTPS proxy, an attacker can simply attack your image proxy since the proxy fetches insecure content. **Even worse**: if your image proxy serves these images from the same domain as your Nextcloud installation you [are vulnerable to XSS via SVG images](https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf). In addition, people feel safe when essentially they are not.
Since most people don't understand mixed content and don't have two domains and a standalone server for the image proxy, it is very likely they will choose to host it under the same domain.
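Review bot: The comma added after "In addition" is the right fix for this sentence, but the same line still has two wording issues worth taking in the same commit: "non HTTPS websites" should be hyphenated as "non-HTTPS websites", and the hunk header's context "an attacker can not execute code" should read "cannot execute code". The security argument in the changed paragraph is sound as written: a proxy that fetches plain-HTTP images re-creates the mixed-content exposure on the server side, and serving proxied SVG from the Nextcloud origin lets attacker-controlled markup run in that origin, which is exactly the XSS case the linked OWASP talk covers, so no change to the substance is needed.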