Hacker News
by vunie 2534 days ago
> That XSS should be fixed by the website, instead of that website owners neglecting the fix and assuming they're protected because the alert doesn't fire in Chrome.

What if a website doesn't fix its XSS vulnerabilities and continues to spew attacker-controlled content? I don't think it will help users to base browser security on "shoulds".

I've been taught that security should be built in layers. Removing a functioning albeit not perfect layer for no good reason is baffling to me.