v5.0.2
v5.0.1 Changes
- [fix] Fix an XSS vulnerability on SearchPage where the URL param 'address' was passed directly into the
schema, which is just a script tag: <script type="application/ld+json">. On the server side, this
could leak malformed HTML through to browsers and make it possible to inject one's own script tags.
However, CSP prevents any data breach: injected JS can't send data to unknown 3rd-party sites.
NOTE: Check that REACT_APP_CSP is in block mode in your production environment. You can read more
in the Flex docs: https://www.sharetribe.com/docs/guides/how-to-set-up-csp-for-ftw/
#62
- [fix] Add missing translation key EditListingDescriptionPanel.createListingTitle and change link
name in UserNav. #62
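
The XSS fix above concerns a URL parameter ending up inside a `<script type="application/ld+json">` tag. The following is an added example, not this project's code, of why plain `JSON.stringify` is not enough there and one way to serialize safely; all function names and the sample 'address' value are constructed for illustration.

```javascript
// Added illustration; names and sample values are hypothetical, not from the project.

// Unsafe: JSON.stringify does not escape "<", so a value containing
// "</script>" terminates the JSON-LD element when the browser parses the HTML.
function renderSchemaUnsafe(schema) {
  return `<script type="application/ld+json">${JSON.stringify(schema)}</script>`;
}

// Safer: replace HTML-significant characters with JSON \uXXXX escapes.
// The result is still valid JSON and parses back to the same values.
const ESCAPES = { '<': '\\u003c', '>': '\\u003e', '&': '\\u0026' };

function serializeForScriptTag(value) {
  return JSON.stringify(value).replace(/[<>&]/g, c => ESCAPES[c]);
}

function renderSchemaSafe(schema) {
  return `<script type="application/ld+json">${serializeForScriptTag(schema)}</script>`;
}

// Builds a schema object from the 'address' URL parameter (assumed shape).
function schemaForSearch(address) {
  return {
    '@context': 'http://schema.org',
    '@type': 'ItemList',
    name: `Search results for ${address}`,
  };
}

// Counts closing script tags in server-rendered HTML. Exactly one is expected:
// the one that closes the JSON-LD element itself.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample value for the 'address' parameter.
const constructedAddress = 'Helsinki</script><script>/* injected */</script>';
const sampleSchema = schemaForSearch(constructedAddress);

console.log('unsafe closes:', countScriptCloses(renderSchemaUnsafe(sampleSchema)));
console.log('safe closes:  ', countScriptCloses(renderSchemaSafe(sampleSchema)));
```

A check like `countScriptCloses` can be run against server-rendered output in a regression test so that a later change to schema rendering does not reintroduce the problem.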