Execution of untrusted JS inside the Cesium Desktop process using user-defined links from a Cesium+ profile
When a web page link from the Cesium+ profile of a member is clicked, the web page seems to be opened in a window of the Cesium application, allowing parsing of untrusted HTML/CSS and execution of untrusted JavaScript in the same process as Cesium.
I think this is a security risk, as unhosted web apps do not isolate pages as well as mainstream browsers in order to gain performance, and often lag behind on updates. Malicious code could silently access a member’s private key using an exploit.
Cesium should open the pages in the user’s default browser instead.
Example of clicking on a link opening a page with a script that calls alert() when a button is clicked:
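Added example, not part of the original report and not Cesium's code, sketching the fix proposed above: profile links are never navigated inside the application window, only http(s) URLs are handed to the operating system's default browser, and every other scheme is dropped. `openExternal` is an assumed callback supplied by the desktop shell (for instance Electron's `shell.openExternal` or NW.js's `nw.Shell.openExternal`); all function names and sample links are constructed for illustration.

```javascript
'use strict';

// Only web links are handed to the operating system; everything else is dropped.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Decide what to do with a link taken from a user-editable profile field.
function classifyProfileLink(rawUrl) {
  let url;
  try {
    url = new URL(String(rawUrl).trim());
  } catch (err) {
    return { action: 'block', reason: 'not an absolute URL' };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { action: 'block', reason: 'scheme ' + url.protocol + ' not allowed' };
  }
  return { action: 'external', href: url.href };
}

// openExternal is an assumed callback provided by the desktop shell.
function handleProfileLink(rawUrl, openExternal) {
  const decision = classifyProfileLink(rawUrl);
  if (decision.action === 'external') {
    openExternal(decision.href);
  }
  return decision;
}

// Click listener for the profile view: the app window itself never navigates.
function makeProfileClickListener(openExternal) {
  return function onClick(event) {
    const anchor = event.target.closest('a[href]');
    if (!anchor) return;
    event.preventDefault();
    handleProfileLink(anchor.getAttribute('href'), openExternal);
  };
}

// Constructed sample links, run against a recording stub instead of a real shell.
function demo() {
  const opened = [];
  const samples = ['https://example.org/profile', 'javascript:void(0)',
                   'file:///tmp/page.html', 'not a url'];
  const decisions = samples.map((s) => handleProfileLink(s, (href) => opened.push(href)));
  return { opened, decisions };
}
```

The listener would be attached to the container that renders the profile, so that links added later are covered as well.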