Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
leni536
on July 14, 2015
|
parent
|
context
|
favorite
| on:
How I got XSS’d by my ad network
Well, once you hotlink jquery in your website at least use the https link (assuming your site is on https too).
nothrabannosir
on July 14, 2015
[–]
No need; the browser will block
http://
included from
https://
pages. Including from a
http://
page? Then a compromised jquery cdn is the least of your worries.
In short; no, just a compromised dns record is not enough.
mayrun
on July 14, 2015
|
parent
[–]
if it is a
http://
page, then even a small change in the local host file is enough.
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
