Y
Hacker News
new
|
ask
|
show
|
jobs
by
Snetry
147 days ago
the issue isn't that a user can be convinced into running `console.log(“<script>hackMe()</script>”)` but that `console.log(creep.name)` may execute hackMe() without you expecting it.