First and foremost, if you ever believe there to be an exploitable security issue in any part of the software, then you must never report it in public for the protection of other customers.


That said, I don't believe this is exploitable in normal use of the XF software:


In the default software, we don't perform cross-domain AJAX requests, and in any case all AJAX requests performed through our built-in wrapper always set the dataType.


Although add-ons can and may deviate from this, if there is an exploitable issue then it should be reported (in private!) to the relevant author for them to address it.
