Y
Hacker News
new
|
ask
|
show
|
jobs
by
sublinear
1281 days ago
A doesn't work because B doesn't prevent the attacker from regexing out the hash altogether and changing the domain name in the tags to their own.