You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,7 +22,7 @@
22
22
-**Resource loading behavior (visualizer disabled mode)**: STIX Composer and standalone STIX visualizer now avoid loading visualizer-owned and bundled third-party resources when `CONFIG.visualizer.enabled` is `false`.
23
23
24
24
### Security
25
-
-**Iframe containment**: Embedded explorer/composer iframes now use sandbox containment (`allow-scripts allow-same-origin`).
25
+
-**Iframe containment**: Embedded explorer/composer iframes now use sandbox containment (`allow-scripts allow-same-origin allow-modals`).
26
26
-**Prototype pollution hardening**: Import parsing/sanitization now blocks dangerous keys (`__proto__`, `constructor`, `prototype`), uses safe JSON reviver parsing, null-prototype object collectors, and own-property checks in dynamic import field mapping.
0 commit comments