Y
Hacker News
new
|
ask
|
show
|
jobs
by
matthavener
4763 days ago
If someone can host arbitrary html and js on the *.github.com domain, they can set cookies for github.com. See
http://homakov.blogspot.com/2013/03/hacking-github-with-webk...