#3048 - Self-XSS Scam Warning
| Identifier | #3048 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Self-XSS Scam Warning |
| Status | Closed (rejected) |
| Handling member | Chris Graham |
| Addon | securitylogging |
| Description | Just noticed this on Facebook when I accidentally opened the web console and I am not sure whether Composr accounts could theoretically be compromised in the same way, though I assume if Facebook is susceptible maybe all sites are. In which case doing something similar to this might be useful. The warning has a link to this page which explains it a bit more (we could create a similar page if we don't add that info to the warning message on the page source). https://www.facebook.com/help/246962205475854 |
| Steps to reproduce | |
| Funded? | No |
Comments
This kind of thing is the browser's responsibility, rather than each website reimplementing it.
Besides, it is a can of worms. For example, making it always in English is rather imperialistic, but making it translatable would be burdensome. Real sites may also have other warnings there that scroll past it.
Another problem is it simply is not effective. You can run JavaScript in the address bar, and there's no way to put any kind of warning there.
You can try it yourself...
javascript:alert(document.cookie);