We're all in the hands of ad networks. But let's keep fighting regular XSS and non-PFS. The ad networks and trackers must have full access. https://twitter.com/brendaneich/status/782767374705496064 …
Your important data is mostly in apps that don't load untrusted scripts but suffer from XSS. Equating ads w/ XSS is dangerous
-
A cross-origin script load is nothing like XSS; but explaining this on Twitter is a fool's errand so I won't try
-
Are you trying to get me to explain XSS to a leading researcher of XSS? ;-) I'm too old to be trolled like that!
-
"XSS enables attackers to inject client-side scripts into web pages viewed by other users." Meh, boring topic.
-
In this definition the web is built on "XSS" and the term becomes useless. Let's stick to industry definition :)