I would like to ask for advice on open source self-hosted alternatives that collect location data quietly in the background. Here is what I've found:
https://github.com/traccar/traccar (server, client)
https://github.com/mendhak/gpslogger (client)
https://github.com/home-assistant (server, has location tracking integration)
https://github.com/owntracks (server, client)
https://github.com/Freika/dawarich (server)
https://github.com/aaronpk/Overland-iOS (iOS client)
https://github.com/OpenHumans/overland_android (Android client, inactive)
https://github.com/aaronpk/Compass (server)
https://github.com/julien-nc/phonetrack (web client, use Nextcloud as server)
Any recommendations or tips? Thanks!
I recently identified a potential XSS injection target. When users navigate to a specific piece of content using the plugin, malicious code could be executed by their browser. This allows the possibility of cookies being stolen or other malicious activities. I have reported it in their issue tracker [2].
Example:
<button onmouseover=alert(123)><img src="/404" onerror=alert(789)>im a button<script>alert(456)</script></button>
If you translate the above content using immersive-translate, you'll see a popup. Moving your mouse over the translated content could trigger another popup.

Suggestions:
- For Immersive-Translate users: Until this issue is fixed, I recommend disabling the default translation of Hacker News content and only translating content that has been manually reviewed.
- For Hacker News admins: To mitigate this risk, you might consider adding a `Content-Security-Policy` header in the server responses or including a `<meta http-equiv="Content-Security-Policy" content="xxx">` tag in the HTML `<head>` section.
[1]: https://immersivetranslate.com/
[2]: https://github.com/immersive-translate/immersive-translate/issues/2022
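An added illustration (not the plugin's own code, and not part of the post above) of the allowlist approach a translation layer could apply before it inserts translated markup into the page: a few formatting tags are kept, every event-handler attribute and non-http(s) link is dropped, and script/style content is discarded. The tag and attribute allowlists are assumptions chosen for the example; the input is the payload quoted in the post.

```python
from html.parser import HTMLParser
from html import escape

# Constructed input: the payload quoted in the post above.
PAYLOAD = ('<button onmouseover=alert(123)><img src="/404" onerror=alert(789)>'
           'im a button<script>alert(456)</script></button>')

# Assumed allowlist of inline formatting a translation layer might preserve.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
# Attributes kept per tag; anything else (including every on* handler) is dropped.
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")   # rejects javascript: and data: URLs
# Elements whose text content is discarded entirely, not merely unwrapped.
DROP_CONTENT = {"script", "style"}

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # nesting depth inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return  # unknown element: drop the tag itself, keep its text children
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not (value or "").lower().startswith(SAFE_SCHEMES):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
            return
        if not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # re-escape text as text

def sanitize(html: str) -> str:
    p = AllowlistSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out)
```

Run on the payload this yields only the text `im a button`; in production prefer a maintained HTML sanitizer library over a hand-written one, since `html.parser` is not a full HTML5 parser.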