| ▲ | sigseg1v 3 days ago | |
isn't this actually XSRF and worse than XSS? Also, if users can run arbitrary JS on someone else's server then what stops them from doing CPU-bound work such as crypto miners? | ||
| ▲ | sigseg1v 3 days ago | parent [-] | |
SSRF* sorry typo | ||
| ▲ | sigseg1v 3 days ago | |
isn't this actually XSRF and worse than XSS? Also, if users can run arbitrary JS on someone else's server then what stops them from doing CPU-bound work such as crypto miners? | ||
| ▲ | sigseg1v 3 days ago | parent [-] | |
SSRF* sorry typo | ||