|
|
|
|
|
|
by spez
6965 days ago
|
|
|
-- "almost everything" is a bit of an overstatement, I think. Well the rest of the Internet disagrees with you. --would be more accurate. Yet you continue to claim reddit doesn't "validate input in any text boxes on the site." --creator of reddit found the same exact exploit months ago No. The exploit on YC news was an XSS exploit in link submissions that allowed me to run javascript on any YC user's client. --textbook XSS exploit. Hardly. There was no hidden JS, which is the defining characteristic of an XSS exploit. Certainly we shouldn't allow JS links, but making the claims you have are nothing more than a bogus stretch for attention. Congrats on receiving it... |
|
|