Y
Hacker News
new
|
ask
|
show
|
jobs
by
varenc
184 days ago
Also the XSS exploit would have been dead in the water for any sites using CSP headers. Coinbase certainly uses CSP. With this in place an XSS vuln can't inject arbitrary JS.