Hacker News new | past | comments | ask | show | jobs | submit login

The trustworthiness of the domain name would effectively be stolen.



I disagree. It's more similar to how you can "inject" your scripts into fiddle.jshell.net (via JSFiddle), googleusercontent.com (via Google Translate), etc.

Have a look at https://fiddle.jshell.net/pvcL4mjh/1/show/light/

Would you call that XSS / did I just steal JSFiddle's trustworthiness?


That's a fair point.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: