Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
beefhash
on Dec 1, 2017
|
parent
|
context
|
favorite
| on:
Blocking Top-Level Navigations to Data URLs for Fi...
That requires that you know what you're doing, though. Non-technical people are probably more inclined to think along the lines of "huh, odd, but everything looks fine, so it's probably my fault it looks like that"
ascorbic
on Dec 1, 2017
[–]
In that case why bother with using a data url at all? They could just use "www.paypal.com.cgi-bin.webscr.xxxxxxxxx.myevilsite.com"
beefhash
on Dec 1, 2017
|
parent
[–]
That way, they don't have to bother with a domain registration, either. A domain registration is neither free of charge nor entirely free of risk.
code_duck
on Dec 3, 2017
|
root
|
parent
[–]
They could just create subdomains on a compromised domain they control belonging to someone else.
Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
