Rob Weir
Via @adactio, use this the next time someone asks you “why would a user turn off JavaScript/use an ad blocker?” adactio.com/links/13285
I’m harvesting credit card numbers and passwords from your site. Here’s how.
This is a “what if?” scenario, but it’s all too plausible.
For site owners, the (partial) solution is to have a strong Content Security Policy.
For users, the solution is to disable JavaScript.
(In the wake of Spectre and Meltdown, this is now a perfectly legitimate action for security-conscious web users to take; I hope your site can support that.)
