Y
Hacker News
new
|
ask
|
show
|
jobs
by
yen223
4401 days ago
What's the trivial solution to this? I also wound up hosting the malicious file on my personal server...
3 comments
trias
4401 days ago
data-uris also work: #data:text/javascript,alert('pwn')
link
aidos
4401 days ago
That's what I used too. Hosting scripts is far too much like hard work...
link
hrrsn
4401 days ago
There are apparently easier ways, but I just chucked an alert(); in my Dropbox public folder, did an //dl.dropboxusercontent.com/u/14XXX/xss.js as they serve both http and https.
link
joshschreuder
4401 days ago
I put a small gist up and hotlinked through githack.com
link