|
|
|
|
|
|
by maxjus
4399 days ago
|
|
|
Interestingly, modern WebKit browsers include an "XSS auditor" that will refuse to run javascript sent in the request that loaded the page. It's pretty good (and open-source), so figuring out a way to have XSS without hitting the auditor is a big win for the attacker. |
|
|