> They can't inject anything into the page assuming that someone finds a way to ... | Hacker News

HN2new | past | comments | ask | show | jobs | submit

		buboard on Dec 4, 2019 \| parent \| context \| favorite \| on: Fight back against Google AMP (2018) > They can't inject anything into the page assuming that someone finds a way to sign a malicious Html page (e.g. by sneaking into the editors office) they can serve it from anywhere, and the browser will pretend it's coming from the bank

echeese on Dec 4, 2019 [–]

If someone's able to get the signing key you've already failed at security.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact