+2  Q: 

XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other JavaScript attacks?

I see jsbin links used fairly regularly on sites like this one and I can't find any indication from the site one way or another. If it does implement countermeasures, what kinds of things does it block out? If not, I should probably be more careful about which links I choose to click.

+1  A: 

I guess an unfriendly script could do a denial of service on jsbin by continually scripting a ‘save to public URL’ submission to clog the database up. And of course anyone could post a security hole exploit script which would infect people with old browsers and plugins; that might also get jsbin on Google's blocklist.

That's about all though... there are no user credentials to steal or nefarious things to do with people's accounts and privileges because there are no accounts or privileges.

> I should probably be more careful about which links I choose to click.

Yes, that seems reasonable.

bobince