by captainmuon
3243 days ago
Well, I would not make that feature available from an included script from a third party domain, so XSS would not be an issue. I would make something like privileged application bundles that you had to authorize first - just like you have to install native apps. I know some people just click OK on everything, but there is no remedy to that other than giving up and not allowing general-purpose networking at all. Also, people already exploit XSS for DDOS-ing, although not via UDP, but TCP/HTTP. Granted, you can possibly make a worse attack if you have UDP.