
The point is that it's an arbitrary user submitted script. In this case it was just the time, but it could have easily been a botnet command and control message or some other malicious content.

It's standard security practice to serve user submitted content on a separate domain, so I'm a little surprised that Google isn't following it.




>It's standard security practice to serve user submitted content on a separate domain, so I'm a little surprised that Google isn't following it.

But it is being served under googleusercontent.com?



