Y
Hacker News
new
|
ask
|
show
|
jobs
by
TheDong
4002 days ago
RequestPolicy won't save you if the link is to a subdomain of vjs.zendcdn.net which is whitelisted, but also the site you're visiting.
1 comments
wtallis
4002 days ago
Right, if you get tricked into visiting the site then first-party scripts can run. But with XSS protection intact and RequestPolicy preventing any third-party access, the scope of possible attacks is pretty narrow.
link