
You can see from the dialog windows that he could inject JavaScript.


Actually the dialogs are JavaScript provided by Apple, e.g. that prompt() on first screenshot.


No, it's not. Look at the address bar. He injected that image tag with a value that would cause an error (the x value as opposed to a valid image URL), which triggers the onerror JavaScript to execute. In this case it prompts the user, but it could have been anything really.


I think you completely missed my point. I am simply pointing out prompt() is provided by Apple just like alert() provided by JS itself.

Before coming to a conclusion that you can point to and say someone is wrong, please understand that not everyone here is a master of English.


prompt() is a built-in JavaScript function just like alert(). It isn't Apple specific, that's my point.



