Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tptacek
on Dec 20, 2010
|
parent
|
context
|
favorite
| on:
XSS vulnerability found in Github
Totally academic debate. HttpOnly is a band-aid; being able to inject Javascript still lets me do almost anything that I'd ever want to do with that cookie in the future.
Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
