Simon Willison’s Weblog

If you are subject to an XSS, the same domain policy already ensures that you're f'd. An XSS attack is the "root" or "ring 0" attack of the web.

Alex Russell