Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Simple JavaScript Exploit That Nukes Google’s Password Alert
(
arstechnica.com
)
16 points
by
nabaraz
on May 1, 2015
|
hide
|
past
|
favorite
|
3 comments
nodesocket
on May 1, 2015
[–]
Couldn't Google just create a random element id? Instead of `warning_banner` do something like `warning_banner_x3vh2QiPm1`
tshadwell
on May 1, 2015
|
parent
|
next
[–]
Anything that adds to the DOM or uses the rebindable Javascript APIs is going to be detectable, anything more on Google's part is just security through obfuscation.
tyho
on May 1, 2015
|
parent
|
prev
[–]
The banner shouldn't be in the DOM to begin with, anything in the DOM can be removed by client side Javascript.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: