Kong
Default target option when using targets=all
When using a comma separated list of all the desired targets (e.g., targets=php:curl,php:http1,php:http2,javascript:jquery,javascript:xhr,shell:curl,shell:wget,shell:httpie), some browser extensions, such as the Netcraft Extension for Google Chrome, will report the iFrame as a suspected XSS attack:
If we change the source URL to use targets=all, the Netcraft Extension doesn't complain, however we then have no way of specifying a default target, so we end up with the default of C, which for our particular use-case doesn't make sense (we'd like to use php:curl as the default):
If there was another option, e.g., default-target, that could be used in conjunction with targets=all, then we could specify targets=all&default-target=php:curl, so that PHP would be the default option selected in the widget.
issues described here:
- [ ] add option to specify default target when using
all - [ ]
Netcraftsees this asn XSS attack (possibly because of JavaScript snippet)
