That’s surely bounded how much it can show, so an attacker can just fill it up till the API throws an error.
Surely the browser could enforce a limit on a domain, and make sure that the real page you came from (typically the search engine) is prominently displayed.