Hacker News new | ask | show | jobs
by chc 4557 days ago
If it has to be inlined, how is that the same vulnerability? I thought the vulnerability was that script tags can fetch external scripts and a local script intercept the results. If you have to inline both scripts, you can only attack yourself.
1 comments
joev_ 4557 days ago
Sorry, used the wrong term. I mean it can be injected as a script tag into an xdomain site.
link