Y
Hacker News
new
|
ask
|
show
|
jobs
by
vlovich123
2787 days ago
This still feels vulnerable to XSS. Better would be to have browsers provide an API to do this so that $site is trusted.
The downside is not a tiny bit of computation time. It's also increased latency for the customer.