howieye opened this issue 9 years ago · 0 comments
window.location.href = domain; the variable domain is from url query string, it can easily be phishing attacks.