Add latest changes from gitlab-org/gitlab@14-3-stable-eev14.3.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-20 13:18:24 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-20 13:18:24 +0000
commit: 0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch)
tree: 4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /doc/development/secure_coding_guidelines.md
parent: 744144d28e3e7fddc117924fef88de5d9674fe4c (diff)
download: gitlab-ce-0653e08efd039a5905f3fa4f6e9cef9f5d2f799c.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index fc60c1d7d7f..0f13b8ecae9 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -295,6 +295,8 @@ The injected client-side code is executed on the victim's browser in the context
 
 Much of the impact is contingent upon the function of the application and the capabilities of the victim's session. For further impact possibilities, please check out [the beef project](https://beefproject.com/).
 
+For a demonstration of the impact on GitLab with a realistic attack scenario, see [this video on the GitLab Unfiltered channel](https://www.youtube.com/watch?v=t4PzHNycoKo) (internal, it requires being logged in with the GitLab Unfiltered account).
+
 ### When to consider?
 
 When user submitted data is included in responses to end users, which is just about anywhere.
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-20 13:18:24 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-20 13:18:24 +0000
commit	0653e08efd039a5905f3fa4f6e9cef9f5d2f799c (patch)
tree	4dcc884cf6d81db44adae4aa99f8ec1233a41f55 /doc/development/secure_coding_guidelines.md
parent	744144d28e3e7fddc117924fef88de5d9674fe4c (diff)
download	gitlab-ce-0653e08efd039a5905f3fa4f6e9cef9f5d2f799c.tar.gz