Hello,
we found a very simple XSS vulnerability in the xpra HTML5 client. Demo: https://xpra.org/html5/connect.html?disconnect=%3Cimg%20src=x%20onerror=alert(%27hello%27);%3E
Patch file is attached.
Cheers!
Thanks, applied in r26077.
This ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2724
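
The class of bug reported above, a query parameter reflected into the page as markup, shown beside two safe ways to render it. This is an added example, not code from the xpra project and not the patch applied in r26077 (which this page does not show); every function name and the element id are hypothetical.

```javascript
// Added example: names below are hypothetical, not taken from the xpra source.

// Read the "disconnect" parameter from a query string like the one in the report.
function getDisconnectReason(search) {
  return new URLSearchParams(search).get("disconnect") || "";
}

// Unsafe pattern: the decoded parameter is concatenated into markup, so any
// tags it contains are parsed by the browser once assigned to innerHTML.
function renderUnsafe(reason) {
  return '<div id="disconnect-reason">' + reason + "</div>";
}

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Safe pattern when markup has to be built as a string.
function renderSafe(reason) {
  return '<div id="disconnect-reason">' + escapeHtml(reason) + "</div>";
}

// Safe pattern in the browser: textContent never parses its value as HTML.
function showReason(element, reason) {
  element.textContent = reason;
}

// Query string copied from the demo URL in the report.
const DEMO_SEARCH = "?disconnect=%3Cimg%20src=x%20onerror=alert(%27hello%27);%3E";

const reason = getDisconnectReason(DEMO_SEARCH);
console.log("decoded:", reason);
console.log("unsafe :", renderUnsafe(reason));
console.log("safe   :", renderSafe(reason));
```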