Good reminder that, if you need to display untrusted data, you don’t give it a subdomain of your main domain name. Yes, modern security mechanisms properly isolate subdomains from each other. But cookies aren’t modern, they are really ancient.
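
The cookie scoping behind this advice, as an added example that is not part of the original post: a simplified model of RFC 6265 domain matching, showing that a sibling subdomain can set a cookie the main application will receive, and that the `__Host-` prefix or a separate registrable domain prevents it. All hostnames are constructed placeholders, and the public-suffix and IP-address checks real browsers perform are omitted.

```javascript
// Added example: simplified RFC 6265 cookie scoping (no public-suffix list).
// All hostnames are constructed placeholders under the reserved .test TLD.

// RFC 6265 section 5.1.3: does `host` domain-match `cookieDomain`?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// Would a browser store a cookie set by `setterHost`?
// Returns the stored scope, or null if the cookie is rejected.
function acceptCookie(setterHost, name, domainAttr, { secure = false, path = "/" } = {}) {
  // __Host- prefix: requires Secure, Path=/ and NO Domain attribute.
  if (name.startsWith("__Host-") && (!secure || path !== "/" || domainAttr)) {
    return null;
  }
  // No Domain attribute: host-only cookie, bound to the exact setter host.
  if (!domainAttr) return { domain: setterHost.toLowerCase(), hostOnly: true };
  const d = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may name itself or any parent domain, never a sibling or stranger.
  if (!domainMatch(setterHost, d)) return null;
  return { domain: d, hostOnly: false };
}

// Would the stored cookie be attached to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  if (!cookie) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Untrusted content on a subdomain scopes a cookie to the shared parent.
const fromSubdomain = acceptCookie("usercontent.example.test", "session", "example.test");
console.log("reaches app:", isSentTo(fromSubdomain, "app.example.test"));

// Mitigation 1: the app only trusts a __Host- cookie, which cannot carry Domain=.
console.log("prefixed + Domain:", acceptCookie(
  "usercontent.example.test", "__Host-session", "example.test", { secure: true }));

// Mitigation 2: untrusted content on its own registrable domain.
console.log("other domain:", acceptCookie(
  "usercontent-example.test", "session", "example.test"));
```
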
