Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
airza
9y ago
0 comments
Save
Share
Yes, but that gets passed to the server.
0 comments
3 comments · 2 top-level
top
newest
oldest
ghayes
9y ago
· 1 in thread
What about httsp://example.com/login#vulnerable-fragment
airza
OP
9y ago
Yes, as i commented elsewhere in this thread that would be fine.
sbarre
9y ago
It may get
logged
by the server but if it's designed to be parsed client-side, there may not be any server-side code examining or sanitizing that value before the SPA gets to it.
j
/
k
navigate · click thread line to collapse
