Y
Hacker News
new
|
ask
|
show
|
jobs
by
leonk
2758 days ago
The method for the BA hack was
not
from javascript hosted externally. See
https://medium.com/asecuritysite-when-bob-met-alice/the-brit...
1 comments
strictnein
2758 days ago
Yep, was going to say exactly this.
All the SRI, CSP, etc is great, but if you can't control your own site you're screwed regardless.
link
All the SRI, CSP, etc is great, but if you can't control your own site you're screwed regardless.