by byproxy
110 days ago
> but this still allows arbitrary markup to the page (even <style> CSS rules) if I'm reading the docs correctly. If that's true, seems like it's still a security risk given what you can do with CSS these days: https://news.ycombinator.com/item?id=47132102

Or I guess you could completely restyle and change the text of UI elements so it looks like the user is doing one thing when they're actually doing something completely different, like sending you money.