In this definition the web is built on "XSS" and the term becomes useless. Let's stick to industry definition :)
Replying to @arturjanc @johnwilander
I think that the problem is that the industry definition is wrong, no? No real fix for that.
2 replies 0 retweets 0 likes -
Replying to @TheDaveCA @johnwilander
Industry definition of XSS is status quo for a decade and never meant "app loads script from a CDN".
3 replies 0 retweets 0 likes -
I am thoroughly enjoying this debate.
1 reply 0 retweets 1 like -
Good morning! In terms of aggregate risk on the web, do you agree ad scripts > "regular" XSS?
2 replies 0 retweets 0 likes -
Replying to @johnwilander @mikispag and
With ad scripts I mean loaded cross-origin under top origin for ad/tracker/analytics purposes.
2 replies 0 retweets 0 likes -
Users of most apps can't be owned by someone hacking Google/FB and replacing "Like"/GA JS.
2 replies 0 retweets 0 likes
Replying to @arturjanc @johnwilander and
Rather, the app itself likely has "regular" XSS and can be exploited by anyone on the web.
8:02 AM - 3 Oct 2016