Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] http-referer-checker.nse

From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 18 Jul 2013 18:00:12 +0300
On Sun, Jun 23, 2013 at 06:31:06PM +0300, George Chatzisofroniou wrote:

The attached script informs about cross-domain include of scripts.
Websites that include external javascript scripts are delegating part
of their security to third-party entities since that included code has
full client-side power and can do whatever it wants (like steal
document.cookie or send malicious AJAX requests). So, it's important
for developers to never include a javascript file from a domain they
don't trust.


Commited as revision r31418.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: