[ronilan]

Kids, watch and learn.

Let’s pull some rabbits out of thin air again.

But first disclaimer - I’m not saying this is why the extension was developed, or, that this is the reason OP points the vulnerability. I’m 99.999% certain this is a random case, but it is a good learning case nonetheless.

Rabbits.

Sometime in life people say things they regret. Or, they don’t regret, but their self interest is better served if no one knew they said said thing, or it is that they just worry Harvey might be offended and their career path will be ruined, so it better be taken back.

But... yak... what’s done is done.

What can you do?

Cry?

No. Rabbits!

Wouldn’t it be nice if some browser extension published on HN would have some fault that would allow someone else to post using my logged-in account?

So see, I didn’t post that comment.

It was the XSS!!!1

(Or the rabbit)