XSS'd by ad, via DoubleClick, via Referer header: http://www.troyhunt.com/2015/07/how-i-got-xssd-by-my-ad-network.html?m=1 …
@frgx @ericlaw @troyhunt @BrendanEich IMO, it's terrible that "don't let an ad do anything outside its box until clicked" isn't the default.
@BRIAN_____ yes iframe sandbox doesn't have the adoption it should cc @ericlaw @troyhunt @BrendanEich
@frgx @ericlaw @troyhunt @BrendanEich Yes. I think we need to enhance iframe sandbox to get the click-to-allow-top-navigation experience.