[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Edward Z. Yang edwardzyang at thewritingpot.com
Tue Sep 30 10:17:51 PDT 2008


Michal Zalewski wrote:
> More importantly, since the dictionary of possible inputs is rather
> limited, it would be pretty trivial to build a dictionary of site <->
> hash pairs and crack the values. May protect
> xyzzy2984.eur.int.example.com, but would still reveal to me you are
> coming from playboy.com.

Salt it. Problem solved.
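An added example, not part of the thread, that plays out both messages: a precomputed site <-> hash table recovers an unsalted hashed origin from a small candidate list, a random salt unknown to the receiver defeats that table, and the rebuild step shows what the salt has to satisfy for that to hold. The candidate list and the hashing scheme (SHA-256 over salt + origin) are my assumptions, not something the thread specifies.

```python
import hashlib
import secrets

# Constructed candidate list standing in for the "dictionary of possible
# inputs": the origins an attacker expects visitors to come from (assumption).
CANDIDATE_ORIGINS = [
    "example.com",
    "playboy.com",
    "xyzzy2984.eur.int.example.com",
    "news.example.org",
]


def hash_origin(origin: str, salt: bytes = b"") -> str:
    """Hash an origin as a hashed Referer/Origin-style header might carry it.

    With an empty salt this is the unsalted scheme the quoted message attacks.
    """
    return hashlib.sha256(salt + origin.encode()).hexdigest()


def build_dictionary(candidates, salt: bytes = b"") -> dict:
    """Precompute the site <-> hash table Zalewski describes."""
    return {hash_origin(c, salt): c for c in candidates}


def crack(hashed: str, table: dict):
    """Look a received hash up in the precomputed table; None if absent."""
    return table.get(hashed)


def demo():
    table = build_dictionary(CANDIDATE_ORIGINS)
    unsalted = hash_origin("playboy.com")
    recovered = crack(unsalted, table)          # "playboy.com"

    # Per-visitor random salt that the receiving site never learns:
    salt = secrets.token_bytes(16)
    salted = hash_origin("playboy.com", salt)
    still_recovered = crack(salted, table)      # None: table no longer matches

    # If the salt travels with the hash (so the receiver can verify it),
    # the receiver just rebuilds the small table using that salt.
    rebuilt = build_dictionary(CANDIDATE_ORIGINS, salt)
    recovered_again = crack(salted, rebuilt)    # "playboy.com"
    return recovered, still_recovered, recovered_again


if __name__ == "__main__":
    print(demo())
```

The salt only helps while the party that would run the dictionary cannot obtain it; against a candidate space this small it buys nothing once it is disclosed.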
