Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

Yeah, that's all I've got. The only scenario protecting the unsophisticated here is that the malicious javascript (presumably) has to be delivered from some domain, and domain filtering is in full effect almost everywhere.

This API means that if a malicious JS can be executed, it's game over for a number of defenses that only communicate visually.



The domain where this is hosted would get added to the blacklist pretty quickly too.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: