|
|
|
|
|
|
by eldridgea
2087 days ago
|
|
|
There are a few areas of concern here: First, getting authentic data from the provider so that you know what they published is what you're reading. But also links and embedded links/scripts. Since HTTP can be (relatively) trivially MITMd, it not only exposes end users to getting manipulated info, but also, having them running Javascript that's not what the site owner intended. In fact that's exactly how China attacked GitHub recently:
https://threatpost.com/github-attack-perpetrated-by-chinas-g... |
|
|