Feature request: XSS attack protection

Eol · June 1, 2021, 9:10am

Hi, I’m new to Anki, and thanks for the great app. It has helped me a lot.

But it seems that the cards are vulnerable to XSS attacks. A user is easily attacked just by importing a malicious deck.

An option to disable JavaScript execution would be very helpful. Thanks for considering.

dae · June 2, 2021, 8:36am

Anki does take some steps to limit the damage malicious JS could do - JS has access only to a small API outside of the webview, and AnkiWeb runs it on a separate domain. But having said that, an option to disable JS completely may well come in the future.

Topic		Replies	Views
Custom app for eink device using AnkiWeb Development	5	421	January 12, 2024
[Idea and Feature Request] Cross platform JavaScript Addons Support Development	2	391	May 1, 2023
"reviewExtra" for plattform-independent insertion of JavaScript in the Reviewer Suggestions	2	509	October 23, 2020
Is it somehow possible to allow the user of my app to create cards with AnkiConnect, but without the need to install this addon and have the anki running in order to create cards? Anki Desktop	1	204	May 9, 2023
Jisho Kanji Stroke Order [Official Support Thread] Add-ons	1	346	December 1, 2023

Feature request: XSS attack protection

Related Topics