

Simple JavaScript Exploit That Nukes Google’s Password Alert - nabaraz
http://arstechnica.com/security/2015/04/30/behold-the-drop-dead-simply-exploit-that-nukes-googles-password-alert/

======
nodesocket
Couldn't Google just create a random element id? Instead of `warning_banner`
do something like `warning_banner_x3vh2QiPm1`

~~~
tshadwell
Anything that adds to the DOM or uses the rebindable Javascript APIs is going
to be detectable, anything more on Google's part is just security through
obfuscation.

