The vendor (Google) communicated that "they do not consider open redirects to be a security issue". https://www.google.com/amp/seclists.org/bugtraq/2016/Apr/70 …
you said "Looking at the <a href> is not enough" - and with classic OR, yeah, the user has to look at the address bar once
but here (and also with tabnabbing), the user has to monitor the address bar more or less continuously
(but also: why is tabnabbing still a thing? can't chrome and firefox kill cross-origin, cross-tab location writes?)
oh, you're right then. I was referring to the general case of OR.