|
|
|
|
|
|
by jbarrs
981 days ago
|
|
|
>Posts of unknown authorship have a disclaimer at the top of the page. Problem is, the posts can contain <script> elements. So it's easy to just write a little JavaScript that removes the disclaimer at the top. See this hastily-made, immature example of mine: https://joshcsimmons.com/post/H4sIABO8LmUC/3VT0W7aQBB85yu2QV... As it stands, this really isn't the most secure system. Something much more malicious could be injected into this! |
|
|