Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
yen223
on May 29, 2014
|
parent
|
context
|
favorite
| on:
Google's XSS game
What's the trivial solution to this? I also wound up hosting the malicious file on my personal server...
trias
on May 29, 2014
|
next
[–]
data-uris also work: #data:text/javascript,alert('pwn')
aidos
on May 29, 2014
|
parent
|
next
[–]
That's what I used too. Hosting scripts is far too much like hard work...
hrrsn
on May 29, 2014
|
prev
|
next
[–]
There are apparently easier ways, but I just chucked an alert(); in my Dropbox public folder, did an //dl.dropboxusercontent.com/u/14XXX/xss.js as they serve both http and https.
joshschreuder
on May 30, 2014
|
prev
[–]
I put a small gist up and hotlinked through githack.com
Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
