Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is a hard problem. There are all sorts of places you can hide JS. My favourite is inside a data uri in an iframe. Eg:

<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnRk9PQkFSJyk8L3NjcmlwdD4="></iframe>



Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: