[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [syndication] Syndication of javascript: urls as a security window?

To: syndication@yahoogroups.com
Subject: Re: [syndication] Syndication of javascript: urls as a security window?
From: Brian Aker <brian@tangent.org>
Date: 27 Feb 2002 15:40:28 -0800
In-reply-to: <87sn7msera.fsf@universe.yi.org>
References: <87sn7msera.fsf@universe.yi.org>

On Wed, 2002-02-27 at 15:10, burton@openprivacy.org wrote:
> This somethingBad() could be a one line Javascript to get cookes and to create a
> URL with this info an post to a site.
> 
> We should document this somewhere and incourage aggregators to remote
> javascript: urls.
> 
> Thoughts?
We fixed this on Slashdot some time ago. We never had anyone do it, but
we considered it just a matter of time till someone did. I imagine that
it is one of those exploits that are just waiting to bite a number of
people.
	-Brian
-- 
_______________________________________________________
Brian Aker, brian@tangent.org 
Slashdot Senior Developer
Seattle, Washington
http://tangent.org/~brian/
http://askbrian.org/
_______________________________________________________
You can't grep a dead tree.

Follow-Ups:
- Re: [syndication] Syndication of javascript: urls as a security window?
  - From: Jim Winstead <jimw-yahoo@trainedmonkey.com>

References:
- Syndication of javascript: urls as a security window?
  - From: burton@openprivacy.org

Prev by Date: Syndication of javascript: urls as a security window?
Next by Date: Re: [syndication] Syndication of javascript: urls as a security window?
Previous by thread: Syndication of javascript: urls as a security window?
Next by thread: Re: [syndication] Syndication of javascript: urls as a security window?
Index(es):
- Date
- Thread