XSS attack means game over, and no httpOnly cookie is gonna save you. Here’s why:
1. I copy the exact HTML and CSS of your sign-up form, but make it send data to my server
2. I perform XSS that replaces page content with that malicious form
3. 99% of users think they should sign in again
4. Profit: I now have their login and password.
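
Added example, not part of the original rant: a defender-side audit of a Content-Security-Policy value for the scenario above, checking `form-action` (which limits where forms may submit and does not fall back to `default-src`) and inline-script restrictions. The function names and the `allowedOrigins` parameter are assumptions made for illustration.

```javascript
// Added example: audit a Content-Security-Policy value for the directives
// that matter against the fake-login-form scenario described in the post.

// Parse "name v1 v2; name2 v3" into a Map. Directive names are
// case-insensitive and the first occurrence of a directive wins.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// allowedOrigins (assumption): origins the site's own forms legitimately post to.
function auditCsp(header, allowedOrigins = []) {
  const csp = parseCsp(header);
  const findings = [];

  // form-action has no fallback to default-src: if absent, forms may post anywhere.
  const formAction = csp.get('form-action');
  if (!formAction) {
    findings.push('form-action missing: injected form can submit to any origin');
  } else {
    const ok = new Set(["'self'", "'none'", ...allowedOrigins]);
    const extra = formAction.filter((src) => !ok.has(src));
    if (extra.length) findings.push('form-action allows: ' + extra.join(' '));
  }

  // Script execution falls back from script-src to default-src.
  const script = csp.get('script-src') || csp.get('default-src');
  if (!script) {
    findings.push('no script-src/default-src: injected scripts run unrestricted');
  } else if (script.includes("'unsafe-inline'") &&
             !script.some((s) => /^'(nonce|sha(256|384|512))-/.test(s))) {
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    findings.push("script-src has 'unsafe-inline' without nonce/hash");
  }
  return findings;
}
```

An empty result means the policy restricts both form targets and inline scripts; it does not replace output encoding, which is what prevents the injection in the first place.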