Nmap Development mailing list archives
Re: [NSE] http-referer-checker.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 18 Jul 2013 18:00:12 +0300
On Sun, Jun 23, 2013 at 06:31:06PM +0300, George Chatzisofroniou wrote:
The attached script informs about cross-domain include of scripts. Websites that include external javascript scripts are delegating part of their security to third-party entities since that included code has full client-side power and can do whatever it wants (like steal document.cookie or send malicious AJAX requests). So, it's important for developers to never include a javascript file from a domain they don't trust.
Commited as revision r31418. -- George Chatzisofroniou _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] http-referer-checker.nse George Chatzisofroniou (Jul 18)