
  1. Bookmarks are ok, but where's SN special there? I made a Tampermonkey script for myself that does do that, though, and I am willing to share it with others.
  2. I didn't know that; this should be made public. But this isn't just about issues: I would like to report site vulnerabilities too.

It's in the footer of every page. You can report vulnerabilities securely there, too: https://github.com/stackernews/stacker.news/security


Thanks! I found some ettercap, HTTP mistakes and XSS vulnerabilities. I’ll report them right away! :)


Thank you.

All information regarding how to do a responsible disclosure should be in our README here, in the FAQ or here. I thought these are pretty common locations.

@holonite, where did you look? Where should we put it such that people can find it?


I was initially planning to DM you with these but now I'll upload it via GitHub.
I think there should be another page link in the SN header as a pinned post for 7 days, in, I suppose, glowing neon saying "Beginners here!", for accounts that are not at least 1 week old. I will include other ideas in the GitHub issue.

100 sats \ 8 replies \ @ek 1 May 2025

Is this your critical report? If so, that wasn't a responsible disclosure as described in the three links I sent you.


And the link I shared to the security advisory page on the GH repo


You sent me 3 links? Where?

100 sats \ 1 reply \ @ek 1 May 2025

I replied to your report on Github.

I am still interested in the XSS vulnerability you said you found.

lol, after all that