Hacker News new | past | comments | ask | show | jobs | submit login

You can steal cookies with XSS?



Yes. That's why XSS is such a serious security problem. And even if you can't steal cookies, you can still do nasty things like re-target the login form's action to point at your own server and hence steal people's passwords.



document.cookie, wow... Guess you learn something new every day. For those interested, this has a good explanation:

http://www.quirksmode.org/js/cookies.html




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: