XSS'd by ad, via DoubleClick, via Referer header: http://www.troyhunt.com/2015/07/how-i-got-xssd-by-my-ad-network.html?m=1 …
Replying to @BRIAN_____
@BRIAN_____ I think @troyhunt is using the term "context" too loosely..
Replying to @ericlaw
@ericlaw @troyhunt I understand what you mean. It's still bad. And it's terrible that it is the default on the web. /cc @frgx @BrendanEich
Replying to @BRIAN_____
@BRIAN_____ it is terrible that anyone can execute code in some domain that has no privileges? CC @ericlaw @troyhunt @BrendanEich
Replying to @frgx
@frgx @ericlaw @troyhunt @BrendanEich It does have some privileges, e.g. allow-top-navigation. Plus, DoubleClick chooses privs, not page.
Replying to @BRIAN_____
@frgx @ericlaw @troyhunt @BrendanEich IMO, it's terrible that "don't let an ad do anything outside its box until clicked" isn't the default.
Replying to @BRIAN_____
@BRIAN_____ yes, iframe sandbox doesn't have the adoption it should. cc @ericlaw @troyhunt @BrendanEich
@frgx @ericlaw @troyhunt @BrendanEich Yes. I think we need to enhance iframe sandbox to get the click-to-allow-top-navigation experience.
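An added illustration of what the thread is arguing for (this is not code from the thread or from any ad network): a publisher page embedding a third-party ad creative in an iframe whose `sandbox` attribute withholds `allow-top-navigation`, so script in the ad frame cannot redirect the top-level page. The `allow-top-navigation-by-user-activation` token in the second iframe is the "click-to-allow-top-navigation" behaviour later standardised in HTML; the ad URL is a placeholder.

```html
<!-- Example only, not from the thread. Ad URL is a placeholder. -->

<!-- Ad may run script and fetch its own resources, but may not navigate
     the top-level page at all, open popups, or submit forms. -->
<iframe src="https://ads.example.invalid/creative.html"
        sandbox="allow-scripts"
        width="300" height="250"
        title="Advertisement"></iframe>

<!-- "Don't let an ad do anything outside its box until clicked":
     top-level navigation is permitted only in response to a user gesture
     inside the frame (allow-top-navigation-by-user-activation). -->
<iframe src="https://ads.example.invalid/creative.html"
        sandbox="allow-scripts allow-top-navigation-by-user-activation"
        width="300" height="250"
        title="Advertisement"></iframe>
```

Note that `allow-same-origin` is deliberately absent in both cases: with it, a same-origin ad frame could reach back into the embedding document and the sandbox would be largely moot. Whether a sandbox is applied at all is decided by the embedding page's markup, which is the point made above that the page, not the ad network, has to choose to impose it.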