
Thanks, I’ve seen scripted attacks bypass this sort of hidden input unfortunately (perhaps human assisted or perhaps just ignoring hidden fields).


They often do actually ignore truly hidden fields (input type=hidden) but if you put them "behind" an element with css, or extremely small but still rendered, many get caught. It's similar to the cheeky prompt injection attacks people did/do against LLMs.
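An added example, not part of the thread: a form whose decoy field is rendered but pushed off-screen with CSS (not `type=hidden`), and the server-side check on the submitted body. The field name `website`, the class `hp`, the `/contact` action and the rule that a missing decoy is also rejected are assumptions made for illustration.

```javascript
// Added example (not from the thread). Field and class names are assumptions.
const DECOY = "website"; // plausible-looking name for the decoy input

// The decoy is a normal text input, rendered but moved off-screen with CSS.
// tabindex/aria-hidden/autocomplete keep keyboard users, screen readers and
// browser autofill from touching it.
function renderForm() {
  return `<style>.hp{position:absolute;left:-9999px;width:1px;height:1px;overflow:hidden}</style>
<form method="post" action="/contact">
  <label>Email <input type="email" name="email" required></label>
  <label>Message <textarea name="message" required></textarea></label>
  <div class="hp" aria-hidden="true">
    <label>Website <input type="text" name="${DECOY}" tabindex="-1" autocomplete="off"></label>
  </div>
  <button type="submit">Send</button>
</form>`;
}

// Decode an application/x-www-form-urlencoded body into a plain object.
function parseBody(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// A browser submits the decoy as an empty string. A value means something
// filled a field no person could see; absence means the form was not
// submitted as rendered (assumed rule: treat that as a rejection too).
function classify(fields) {
  if (!Object.prototype.hasOwnProperty.call(fields, DECOY)) {
    return { accept: false, reason: "decoy-missing" };
  }
  if (fields[DECOY].trim() !== "") {
    return { accept: false, reason: "decoy-filled" };
  }
  return { accept: true, reason: "ok" };
}

// Constructed sample request bodies.
const samples = {
  browser: "email=a%40example.org&message=hello&website=",
  filler: "email=b%40example.org&message=offer&website=http%3A%2F%2Fspam.example",
  stripper: "email=c%40example.org&message=offer",
};

for (const [name, body] of Object.entries(samples)) {
  console.log(name, classify(parseBody(body)));
}
```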


Thanks.


Sure, it's really basic of course.



