I wonder what are implications of having XSS on .google.com these days? All auth... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		vizzah on April 29, 2012 \| parent \| context \| favorite \| on: How a tweet about a XSS bug within Google+ leads t... I wonder what are implications of having XSS on .google.com these days? All auth cookies are likely to be http-only, so probably not a serious vulnerability?

nilsjuenemann on April 29, 2012 [–]

http://lcamtuf.coredump.cx/postxss/

It's a good writeup about the post-xss world and what kind of attacks are still exist.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact