Y
Hacker News
new
|
ask
|
show
|
jobs
by
Sohcahtoa82
5 hours ago
HttpOnly makes it so XSS can't
steal
your token, but that won't stop XSS from
using
your token.