Vulnerability Development mailing list archives
Re: How to prevent malicious linking/posting to webapps?
From: Pluto <pluto () STDERR DE>
Date: Tue, 12 Sep 2000 21:02:56 +0200
On Mon, Sep 11, 2000 at 11:24:50PM +0200, Bluefish (P.Magnusson) wrote:
Btw, any javascript expert know what happens when you have an 100%x100% frame, and you, as an example, add a site such as hotmail.com in the frame's URL? Wouldn't the script be able to extract information such as current URL in the frame?
If the frame is not owned by the script (same site) then it will not be able to read any information from it. In theory. As Guninsky has pointed out a few times it is sometimes possible, depending on the browser and it's version. Cheers Christoph Puppe -- /* Defcom Security GmbH || Net: www.defcom-sec.de */ /* Arndtstr. 34 || Tel: +49-30-61650-0 */ /* D-10965 Berlin || Fax: +49-30-61650-555 */
Current thread:
- Re: All Advantage Spyware, (continued)
- Re: All Advantage Spyware Justin Lintz (Sep 12)
- Re: All Advantage Spyware Robert Collins (Sep 12)
- Re: All Advantage Spyware Blue Boar (Sep 12)
- Re: All Advantage Spyware Brad Griffin (Sep 12)
- Re: All Advantage Spyware Thierry (Sep 12)
- Message not available
- Re: All Advantage Spyware Dimitry Andric (Sep 12)
- How to prevent malicious linking/posting to webapps? Lincoln Yeoh (Sep 12)
- Re: How to prevent malicious linking/posting to webapps? Bluefish (P.Magnusson) (Sep 12)
- Re: How to prevent malicious linking/posting to webapps? Lincoln Yeoh (Sep 13)
- Re: How to prevent malicious linking/posting to webapps? Robert Collins (Sep 14)
- Re: How to prevent malicious linking/posting to webapps? Pluto (Sep 13)
- Message not available
- Re: How to prevent malicious linking/posting to webapps? Slawek (Sep 12)
- Re: All Advantage Spyware Justin Lintz (Sep 12)
- Re: All Advantage Spyware Russel Smith (Sep 12)
- Re: All Advantage Spyware Jonathan Rickman (Sep 12)
- Re: All Advantage Spyware Brad Griffin (Sep 12)
- Re: All Advantage Spyware Doug Kahler (Sep 12)