A couple of days ago, a video was circulated online that claimed ProtonMail is susceptible to a XSS (cross site scripting) issue which raised some concerns among ProtonMail users. We want to clarify that this does not impact the current version of ProtonMail.
ProtonMail is constantly making security improvements through our beta process and we appreciate all the assistance we have received from the community in helping us make ProtonMail better. The concept of encrypting on the client side is a relatively new one and comes with its own security challenges which we are working diligently to tackle.
The ProtonMail security team has reviewed the video and confirmed that this particular security issue is not present on the live version of ProtonMail. The video is showing an earlier development version of ProtonMail that was originally released on May 10th, 2014 for limited testing, and is not used in the current production systems.
We are supportive of all efforts to improve the security of ProtonMail and appreciative of our security contributors. Security inquiries can always be directed to firstname.lastname@example.org