
That's a simple XSS example hack. Google should have filtered that out, but it's not that bad either (as long as they react fast).


While THAT may be an example of a SIMPLE attack, probably for the sake of showing off, what if "the goog" had exposed web services retrievable by Ajax for logged-in users as part of AppEngine and THAT was exploited via the SIMPLE XSS hack?

It makes no sense. Why do we just brush stuff under the rug when it's Google or some other major player that's generally well liked?



