Y
Hacker News
new
|
ask
|
show
|
jobs
by
ejcx
3907 days ago
You might not need a whole iframe. Why not just an img tag like a regular cross site request forgery over GET.
If the WHO isn't logged with any js Magic it will work all the same.