
This also sneaks past CORS. I'm thinking _that's_ a problem.


Why do you think this bypasses CORS?


Well, it bypasses the spirit, which was to exert some control over what got loaded into the browser via the back door. Now, malicious code can just come in the front door.


If anything it's a useful demonstration of how CORS is more theater than security for anything beyond the most trivial scenarios.


I wonder how hard it would be to come up with a "containerization" mechanism for the web so as to separate scripts/resources better.



