Forgot your password?
typodupeerror

Comment: Re:Ugh (Score 1) 156

by Jerome H (#40186609) Attached to: The Cost of Crappy Security In Software Infrastructure

XSS is still a systemic error, not strictly coding. Why? Because it's code injection. If the browser was sandboxed, then the code couldn't do anything. Now, fi your bank was hit or your browser is sandboxed per instance, not tab, then you could lose your bank info to an attack, again, a high level design issue, not a coding issue.

Well even if the browser is sandboxed what would it change? The malicious code comes from the URL (either per mail or linking) and is displayed back to the user without any sanitizing, how is this not an coding error ?

Neckties strangle clear thinking. -- Lin Yutang

Working...