Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Building A Browser Extension? Careful Not To Accidentally XSS the Whole Internet
(
tinfoilsecurity.com
)
4 points
by
pyotrgalois
on Dec 29, 2013
|
hide
|
past
|
favorite
|
1 comment
xyzzy123
on Dec 29, 2013
[–]
This is a genuine concern. The other risk is that you get XSS into a Chrome / privileged Javascript context, which is probably the simplest way to get reliable arbitrary code execution in e.g. Firefox.
See e.g:
http://www.defcon.org/images/defcon-17/dc-17-presentations/d...
[PDF warning]
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
See e.g: http://www.defcon.org/images/defcon-17/dc-17-presentations/d... [PDF warning]