1 comment

[ 4.2 ms ] story [ 15.5 ms ] thread
If one bit of js can query google and bing, what hinders an evil developer to query my current session of my banks website? Or my <your favourite online store> account?