> if you had some other XSS in a webview that you can get a victim to open, you get effectively full RCE on their computer.
Github creds or the computer, can't decide which one is worse.
> if you had some other XSS in a webview that you can get a victim to open, you get effectively full RCE on their computer.
Github creds or the computer, can't decide which one is worse.