Full Disclosure mailing list archives

Cross-Site Scripting Attacks Possible At Multiple Webspace Providers


From: full-disclosure () lists netsys com (Matthew Murphy)
Date: Tue, 6 Aug 2002 10:49:37 -0500

I thought this was as widely known as the ability to spoof the sender
address in emails. Like you said: "The same-origin policy that is used to
avoid cross-frame security violations is completely compromised" because it
all comes from the same origin.

Maybe people just don't know, but I've known this since I first learned
about browser script security.

I would far rather provide information that you can simply skip over than
not provide that information and leave someone else confused.  Therefore, I
aim to provide as much info as possible and let the (informed) user decide
what to do.


