Y
Hacker News
new
|
ask
|
show
|
jobs
by
wtallis
4013 days ago
Right, if you get tricked into visiting the site then first-party scripts can run. But with XSS protection intact and RequestPolicy preventing any third-party access, the scope of possible attacks is pretty narrow.