Y
Hacker News
new
|
ask
|
show
|
jobs
by
malcolmhere
3759 days ago
Oh wow. Would love to know you did that. :-o
2 comments
Chris_Newton
3759 days ago
I feel like I’m posting a spoiler here, but... Think what happens if the user’s “e-mail address” happens to start with:
"/><script>
link
TACIXAT
3758 days ago
Just put a script in the username field, sorry if that wasn't clear.
<script>alert(0)</script>
All the live updating that module does, I figured there might be some code injection.
link