Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tptacek
on Dec 20, 2010
|
parent
|
context
|
favorite
| on:
XSS vulnerability found in Github
Totally academic debate. HttpOnly is a band-aid; being able to inject Javascript still lets me do almost anything that I'd ever want to do with that cookie in the future.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: