Hacker News new | ask | show | jobs
by buboard 2381 days ago
> They can't inject anything into the page

assuming that someone finds a way to sign a malicious Html page (e.g. by sneaking into the editors office) they can serve it from anywhere, and the browser will pretend it's coming from the bank
1 comments
echeese 2381 days ago
If someone's able to get the signing key you've already failed at security.
link