Hacker News new | ask | show | jobs
by nly 4530 days ago
That page, and the linked browsersec pages on Google Code, are terrifying. Time to burn it all down and start from scratch.

I was particularly stunned to learn HTTP Cookie headers can clobber 'secure' cookies set over HTTPS. Eye-popping.
1 comments
wglb 4529 days ago
And to increase your terror, check out http://lcamtuf.coredump.cx/postxss/
link