CSWH + CWE #436
CSWH + CWE #436
Conversation
- Add term CSWH for the exploit - Add reference to CWE
Also the acronym doesn't appear to match the name/title you've provided. |
Ah, ok. thanks. Please update the PR template then. It's not transparent, especially if you're coming from the web site which invites you to click on the github link.
? CSWH is in the title and in the content. |
|
One last thing, this an off topic: The links should be updated to https where possible in this and other repos: Probably that can be automated somehow like when curl hits a 30x and a location header with https, https should be fine. |
|
I'll definitely tweak the template. Seems the comment workflow is busted too. Is it just me or doesn't CWSH make more sense than CSWH? If it's cross origin websocket hijacking then what's the S in CSWH.... at least the other way it's the S in WebSocket.... Ummm unless it's Cross site Websocket Hijacking??? |
|
We don't update any of the versioned content, it's as-is at time of tag/release. I believe everything (or awfully close) in "latest" should be using https. (There may be examples that haven't been updated but actual links should have been.) |
|
Most used nowadays is CSWH . Cross-Site ! |
|
Okay, if you’re going to resubmit on the other repo then please use that vs cross origin |
Up to you, YMMV. But looking at the offending links (you have a lot like attackers/victims etc. which I am not referring to) I feel ashamed. |
|
PR on the other site comes tomorrow morning CET |
|
Hmmm the template is up-to-date. |
|
….it doesn’t render as markdown though. I’ll see if I came make it more clear somehow. |
Which branch would be that? At github I could only find v4.2