
I don't know if this is why they have that, but that would make a pretty decent approach to restricting and slowing down XSS-type attacks, if you can override and protect all the native built-in functions.

It should be easy using log analysis to then notice spikes in usage of something, and investigate.

I'm sure there are flaws in my idea, but I think it might work as part of a defense-in-depth approach.



The fact that they're passing the data back with an image tag instead of an XHR request also suggests the same to me.

If this was some leftover debug code, I wouldn't expect it to be that sneaky.
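An added example (not code from this thread or from the site being discussed) of what the idea in the first comment looks like in practice, written against the exfiltration channel the second comment mentions: the browser entry points an injected script would reach for (`fetch`, `XMLHttpRequest.prototype.open` and the `<img>` `src` setter) are replaced by counting wrappers, the wrappers are locked so a later script cannot quietly restore the originals, and a threshold turns a burst of calls into an alert that a log pipeline could pick up. Node has no DOM, so `makeFakeWindow()` constructs a minimal stand-in for `window`; the threshold, the labels and the `collector.example` beacon URLs are constructed values, not anything from the page.

```javascript
// Constructed stand-in for the browser globals (assumption: no real DOM in Node).
function makeFakeWindow() {
  const win = {};
  win.fetch = function fetch(url) { return Promise.resolve({ ok: true, url }); };
  function XMLHttpRequest() { this.opened = null; }
  XMLHttpRequest.prototype.open = function (method, url) { this.opened = { method, url }; };
  win.XMLHttpRequest = XMLHttpRequest;
  function Image() { this._src = ''; }
  Object.defineProperty(Image.prototype, 'src', {
    configurable: true, enumerable: true,
    get() { return this._src; },
    set(v) { this._src = String(v); },
  });
  win.Image = Image;
  return win;
}

// Reduce a URL to its host so the telemetry never stores full query strings.
function hostOf(value) {
  try { return new URL(String(value), 'https://page.example').host; }
  catch (e) { return 'unparseable'; }
}

// Per-entry-point counters plus a one-shot alert when a count reaches the
// threshold. In a real deployment record() would emit a beacon to the log
// pipeline; here the state is kept in memory so the result can be inspected.
class Telemetry {
  constructor(threshold) {
    this.threshold = threshold;
    this.counts = new Map();
    this.hosts = new Map();
    this.alerts = [];
  }
  record(label, target) {
    const n = (this.counts.get(label) || 0) + 1;
    this.counts.set(label, n);
    if (!this.hosts.has(label)) this.hosts.set(label, new Set());
    this.hosts.get(label).add(hostOf(target));
    if (n === this.threshold) {
      this.alerts.push({ name: label, count: n, hosts: [...this.hosts.get(label)] });
    }
  }
}

// Replace a function-valued property with a counting wrapper, then make the
// property non-writable and non-configurable so it cannot be swapped back.
// `pick` selects which argument carries the destination (URL) for telemetry.
function guardFunction(obj, prop, label, telemetry, pick) {
  const original = obj[prop];
  const wrapped = function (...args) {
    telemetry.record(label, pick(args));
    return Reflect.apply(original, this, args); // preserve original behaviour
  };
  Object.defineProperty(obj, prop, {
    value: wrapped, writable: false, configurable: false, enumerable: true,
  });
}

// Same idea for an accessor: wrap the setter, keep the getter, lock it down.
function guardSetter(proto, prop, label, telemetry) {
  const desc = Object.getOwnPropertyDescriptor(proto, prop);
  Object.defineProperty(proto, prop, {
    get: desc.get,
    set(value) {
      telemetry.record(label, value);
      return desc.set.call(this, value);
    },
    enumerable: desc.enumerable, configurable: false,
  });
}

function installGuards(win, telemetry) {
  guardFunction(win, 'fetch', 'fetch', telemetry, (args) => args[0]);
  guardFunction(win.XMLHttpRequest.prototype, 'open', 'XMLHttpRequest.open',
                telemetry, (args) => args[1]);
  guardSetter(win.Image.prototype, 'src', 'Image.src', telemetry);
}

// Constructed scenario: a little legitimate activity, then a burst of <img src>
// assignments pointing at an outside host, the beacon pattern the thread
// describes. Returns the telemetry and a few checks that the originals still work.
function runScenario() {
  const win = makeFakeWindow();
  const telemetry = new Telemetry(5); // constructed threshold per page load
  installGuards(win, telemetry);

  win.fetch('/api/profile');
  const xhr = new win.XMLHttpRequest();
  xhr.open('GET', '/api/feed');
  let lastImg = null;
  for (let i = 0; i < 8; i++) {
    lastImg = new win.Image();
    lastImg.src = `https://collector.example/p?i=${i}`; // constructed beacon URLs
  }
  // A later script trying to put an unwrapped fetch back is refused.
  const tamperSucceeded = Reflect.set(win, 'fetch', function () {});
  return { telemetry, tamperSucceeded, xhrTarget: xhr.opened.url, lastSrc: lastImg.src };
}
```

Because the wrappers run in the same origin and realm as whatever script got injected, treat their output as detection telemetry for the log analysis the first comment describes, not as a security boundary; output encoding and a Content Security Policy remain the primary controls, and the counters are what lets a spike in `Image.src` assignments to an unfamiliar host stand out in the logs.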



