Y
Hacker News
new
|
ask
|
show
|
jobs
by
rlidwka
3999 days ago
If facebook allows you to put an arbitrarily large img tag onto any of the pages under its domain (so internal navigation could be hidden under it), then yes it is a valid attack vector.