Hacker News new | comments | show | ask | jobs | submit login

There are other ways to get XSS bugs than bad html escaping. For example, if you redirect to a user-provided location, they can inject javascript and/or http headers.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: