Hacker News new | ask | show | jobs
by lgas 4102 days ago
There don't even have to be scripts being served -- as long as HTML is being served over HTTP they can inject their own scripts.