|
|
|
|
|
|
by jpxxx
4996 days ago
|
|
|
Yeah, that's all I've got. The only scenario protecting the unsophisticated here is that the malicious javascript (presumably) has to be delivered from some domain, and domain filtering is in full effect almost everywhere. This API means that if a malicious JS can be executed, it's game over for a number of defenses that only communicate visually. |
|
|