There is speculation that China is clamping down on soft tech (social apps, ...) to encourage people to work on hard tech (hardware, ...). China's semiconductor company spiked today on the stock market.
I'm pretty sure you can defend against this with javascript script hashes and restrictive CSR's, but yeah, they are quite involved to setup.
> If some site has an XSS vulnerability, then they've already got access to my session cookies Not true if the website uses HttpOnly session cookies as they should.
There is speculation that China is clamping down on soft tech (social apps, ...) to encourage people to work on hard tech (hardware, ...). China's semiconductor company spiked today on the stock market.
I'm pretty sure you can defend against this with javascript script hashes and restrictive CSR's, but yeah, they are quite involved to setup.
> If some site has an XSS vulnerability, then they've already got access to my session cookies Not true if the website uses HttpOnly session cookies as they should.