undefined | Better HN

0 pointsarcticfox9y ago0 comments

Also, just because we're on Hacker News, it doesn't mean every reader is equipped to audit code for security vulnerabilities.

Presumably that's the job of a professional security developer that might reasonably be expected to have checked their own similar product for this vulnerability...

0 comments

throwanem9y ago

Fair. I would, though, expect someone whose HN profile identifies him as an experienced full-stack engineer to be up to the challenge of spotting something as basic as an extension injecting code into untrusted DOM and trusting the results that code gives back.

juandazapata9y ago

Chill. There's no need to bash other people's expertise. We get it, you're an expert in the domain, but this is adding nothing to the conversation.

j / k navigate · click thread line to collapse

0 pointsarcticfox9y ago0 comments

Also, just because we're on Hacker News, it doesn't mean every reader is equipped to audit code for security vulnerabilities.

Presumably that's the job of a professional security developer that might reasonably be expected to have checked their own similar product for this vulnerability...

0 comments

throwanem9y ago

juandazapata9y ago

Chill. There's no need to bash other people's expertise. We get it, you're an expert in the domain, but this is adding nothing to the conversation.

j / k navigate · click thread line to collapse