Y
Hacker News
new
|
ask
|
show
|
jobs
by
judofyr
4993 days ago
An attacker can just remove the <script>-tag that points to the HTTS-served verifier.
In general: If the site the user visits is plain HTTP then there's no way to trust the site.