Hacker News new | ask | show | jobs
by jlblatt 4086 days ago
It seems hit or miss so far- Shardj just pointed out that https:// doesn't seem to crash at all.
1 comments
chrisfosterelli 4086 days ago
That might make sense, since I'm seeing the same behaviour but have SSL enabled for Reddit.
link
jlblatt 4086 days ago
Could be. My concern is:

1) Most people don't have SSL enabled for most (if any) sites that are optional.

2) Most normal users are using the standard build for MacOS/Win, not the dev channel, and not Linux.

3) This requires no XSS or anything remotely tricky. Just a couple hundred bytes of HTML, and that's it.

4) Most web forum filters and formatting code (including Markdown) let this thru just fine.

Maybe I'm blowing it out of proportion, but if you wanted to be a jerk to a whole lot of people very easily, you probably could.

EDIT: Grammar

link
chrisfosterelli 4083 days ago
Oh, for sure. There are plenty of attack vectors for this sort of thing, I just find the SSL behaviour interesting.
link