Hacker News new | past | comments | ask | show | jobs | submit login

I wonder what are implications of having XSS on .google.com these days? All auth cookies are likely to be http-only, so probably not a serious vulnerability?



http://lcamtuf.coredump.cx/postxss/

It's a good writeup about the post-xss world and what kind of attacks are still exist.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: