Full Disclosure mailing list archives
Cross-Site Scripting Attacks Possible At Multiple Webspace Provid ers
From: full-disclosure () lists netsys com (Matthew Murphy)
Date: Tue, 6 Aug 2002 10:49:37 -0500
I thought this was as widely known as the ability to spoof the sender
address in emails. Like you said: "The same-origin >policy that is used to avoid cross-frame security violations is completely compromised" because it all comes from the same >origin.
Maybe people just don't know, but i've known this since I first learned
about browser script security. I would far rather provide information that you can simply skip over than not provide that information and leave someone else confused. Therefore, I aim to provide as much info as possible and let the (informed) user decide what to do.
Current thread:
- Cross-Site Scripting Attacks Possible At Multiple Webspace Providers Matthew Murphy (Aug 05)
- Cross-Site Scripting Attacks Possible At Multiple Webspace Provid ers Berend-Jan Wever (Aug 06)
- Cross-Site Scripting Attacks Possible At Multiple Webspace Provid ers Matthew Murphy (Aug 06)
- Cross-Site Scripting Attacks Possible At Multiple Webspace Provid ers Berend-Jan Wever (Aug 06)