Validate yo' message origins.https://twitter.com/almroot/status/836874262900326401 …
-
-
paypal had a bug a while ago where they only checked whether origin *contains* the permitted domain
-
if (event.origin.match(/paypalobjects\.com/i) || event.origin.match(/paypal\.com/i) || config.devMode || [...]) {
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.