On Sat, Jun 18, 2016 at 10:52:05AM +0200, Gisle Vanem via curl-library wrote:
> Dan Fandrich wrote:
>
> > I think it's ironic that not only does this protest require loading
> > arbitrary Javascript from a third-party site, but it's served unencrypted
> > and unauthenticated and is therefore vulnerable to active manipulation by a
> > malicious party while in transit.
>
> Why is this so ironic? You're not trusting the firewall
> status of China is accurate?

The problem is that someone adding this banner opens up a massive security hole in his site the size of, oh, I don't know, the Great Wall of China maybe. A hole that can be trivially exploited by a malicious state actor to inject arbitrary Javascript code into the browser of any targeted visitor to that site.

>>> Dan
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
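
A site owner can check a page for the exposure described in the message above with a short audit of its script tags. This is an added example, not part of the original message or of the curl project; the host names, the sample page and the integrity value are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SRI_PREFIXES = ("sha256-", "sha384-", "sha512-")

class ScriptAudit(HTMLParser):
    """Flag external scripts that a network attacker or third party could alter."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # list of (resolved_url, [issues])

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            return  # inline script: nothing is fetched from elsewhere
        # Resolve relative and protocol-relative ("//host/x.js") references.
        url = urljoin(self.page_url, src.strip())
        parts = urlsplit(url)
        issues = []
        if parts.scheme != "https":
            # Unencrypted and unauthenticated: modifiable in transit.
            issues.append("cleartext-transport")
        if parts.hostname != self.page_host:
            integrity = (attr.get("integrity") or "").strip()
            if not integrity.startswith(SRI_PREFIXES):
                # Nothing pins the content the third party serves.
                issues.append("third-party-without-sri")
        if issues:
            self.findings.append((url, issues))

def audit(page_url, html):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; all hosts and the hash value are placeholders.
SAMPLE = """
<script src="/js/app.js"></script>
<script src="https://cdn.example/lib.js"
        integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script src="http://banner.example/widget.js"></script>
<script>console.log("inline");</script>
"""

if __name__ == "__main__":
    for url, issues in audit("https://site.example/", SAMPLE):
        print(url, ", ".join(issues))
```

Only the banner script is reported: it is fetched over plain HTTP from another origin with no integrity pin. The same-origin HTTPS script and the pinned CDN script pass.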
