Hacker News new | past | comments | ask | show | jobs | submit login

Wow, I don't even have a facebook account and that works. That feels like some XSS waiting to happen :/



It's an open redirect, not XSS. It's a matter of debate whether an open redirect is a vulnerability or not.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: