Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
cetra3
on July 5, 2018
|
parent
|
context
|
favorite
| on:
Itty Bitty: Sites contained within their own links
If you're using this in your site as it stands, you are opening up XSS attacks as it does not appear to sanitise user input.
tantalor
on July 5, 2018
[–]
Only if you do something silly like serve cookies on that domain
comesee
on July 5, 2018
|
parent
[–]
I think this is ignoring the content of his warning and is a tautology.
"it's only opens up an attack if you allow the attack vector"
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: