undefined | Better HN

0 pointshbn4y ago0 comments

The difference between an enterprise device management feature and a web API are... pretty massive.

It doesn't seem particularly unreasonable that a company dealing with sensitive data would want to prevent their less computer-educated employees from falling for self-XSS attacks

https://en.wikipedia.org/wiki/Self-XSS

0 comments

2 comments · 1 top-level

Dylan168074y ago· 1 in thread

View source is completely disconnected from the developer tools, and poses no self-XSS danger.

The given reason to disable view source itself was "students are able to find Google Form Quiz answers in source code" which is pretty ridiculous.

Also something about getting past a really broken web filter.

hbnOP4y ago

Ah sorry, I was thinking it was the entire browser console.

Or maybe that was already an option to disable by admins before this

j / k navigate · click thread line to collapse