Y
Hacker News
new
|
ask
|
show
|
jobs
by
airza
3295 days ago
Yes, but that gets passed to the server.
2 comments
sbarre
3295 days ago
It may get
logged
by the server but if it's designed to be parsed client-side, there may not be any server-side code examining or sanitizing that value before the SPA gets to it.
link
ghayes
3295 days ago
What about httsp://example.com/login#vulnerable-fragment
link
airza
3295 days ago
Yes, as i commented elsewhere in this thread that would be fine.
link