Hacker News new | past | comments | ask | show | jobs | submit login

This is just a self-XSS: https://en.wikipedia.org/wiki/Cross-site_scripting#Self-XSS

If it were a reflected XSS you could trigger it with something like https://whydoiprocrastinate.com/#%3Cscript%3Ealert%28%22this..., but I don't think this actually matters.

Sloppy programming, sure, but it isn't a real security issue.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: