Industry definition of XSS is status quo for a decade and never meant "app loads script from a CDN".
Loading ad network scripts doesn't have to allow BHs to run JS in your origin (tip: frames)
-
-
Again, not talking possibilities. I've worked in media. Ad networks demand control.
-
In addition, frames can exploit the browser engine inside their sandbox.
-
Any site you visit can do this - the web is built to let you view arbitrary webpages.