Y
Hacker News
new
|
ask
|
show
|
jobs
by
inbx0
936 days ago
Then again, why bother with the tokens if you have XSS access as an attacker? I'd simply show the user a login prompt and take their password when they type it in.