Hacker News new | past | comments | ask | show | jobs | submit login

This is not really a security hole. It's the intended behavior. Web developers (should) know that they are exposing all user behavior to the third-party code they bring in. The solution is to "no do that", but developers tend to choose convenience over safety, as do their clients, as do their clients users.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact