law, web security re: kind of a subtoot, kind of a complaint
@srn Yeah, it's not necessarily new, it just feels bad.
Besides the "did I accidentally commit a crime by clicking that link?", it just feels like making fun of someone who made a mistake.
Sure, that particular place is popular to dislike, and maybe for good reasons, but even so.
web security re: kind of a subtoot, kind of a complaint
@nightpool *dons webappsec hat*
That's just reflected XSS, since it fires by just clicking on the link. (Self XSS would be more if you had to paste something into the page after it loaded.) Reflected XSS gets you all sorts of bad things (and in particular, for the thing I'm subtooting, there's a subdomain that lets you set up a stock portfolio, which could be sensitive - haven't checked whether or not it's actually vulnerable).