Doesn't this issue affect Tumblr (and Blogspot, and Wordpress) as well? They all... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		magic_haze on April 10, 2013 \| parent \| context \| favorite \| on: Yummy cookies across domains Doesn't this issue affect Tumblr (and Blogspot, and Wordpress) as well? They all allow arbitrary javascript to be injected by the user in a subdomain, so how are they tackling it?

arb99 on April 10, 2013 [–]

IIRC only the blog front ends are on the blogspot.com domain. All user logins/blog admin etc are on the blogger.com domain (and no *.blogger.com domains).

(not used their services for ages, so there might be more overlap than i remember)

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact