undefined | Better HN

0 pointsanony1212126y ago0 comments

So then disable javascript for http sites

0 comments

That won't do anything. If someone can Man-in-the-Middle you, then they can easily forge a 302 redirection to a malicious web page that could be HTTPS.

pixl976y ago

Ok, cool, I found a new numerical overflow image rendering in your browser library. Now I can shove an <img> tag in the insecure stream and exploit you.

j / k navigate · click thread line to collapse

0 pointsanony1212126y ago0 comments

So then disable javascript for http sites

0 comments

Sohcahtoa826y ago

That won't do anything. If someone can Man-in-the-Middle you, then they can easily forge a 302 redirection to a malicious web page that could be HTTPS.

pixl976y ago

Ok, cool, I found a new numerical overflow image rendering in your browser library. Now I can shove an <img> tag in the insecure stream and exploit you.

j / k navigate · click thread line to collapse