Brave Software: XSS on Brave Today through custom RSS feed

A vulnerability was discovered in Brave iOS's custom RSS feed feature that allowed for cross-site scripting XSS attacks. Attackers could add a malicious RSS feed containing a javascript: URL, which could execute arbitrary code when a user clicked on a link in Brave Today. The vulnerability was...