|
|
|
|
|
|
by floil
2785 days ago
|
|
|
Moreover, github.io is in the public suffix list, so it is effectively a TLD (foo.github.io is a different site from bar.github.io; they can't become same origin by means of document.domain). The risk of eval() is giving control of the site data of foo.github.io to the author of a stackoverflow comment. The warning is part of the fun, though. |
|
|