xsl-list

RE: data protocol (off topic, just to clarify)

2003-02-14 06:56:22
Not quite. About:www.yahoo.com<script>...</script> will write the string
"www.yahoo.com" and execute the script. About is always (at least to my
understanding) local, never connects to another domain.


-----Original Message-----
From: owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
[mailto:owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com] On Behalf Of Marty McKeever
Sent: Thursday, February 13, 2003 4:22 PM
To: xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
Subject: RE: data protocol: was RE: [xsl] node-setting() escaped text

yeah there was a nice security issue on this one, allowing you to read
other people's cookies.  something along the lines of

about:www.yahoo.com<script>alert(document.cookies)</script>

would fool IE into thinking that the result was a document on the
yahoo.com domain and therefore safe to read/write Yahoo's cookies.



-----Original Message-----
From: owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
[mailto:owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com] On Behalf Of Américo Albuquerque
Sent: Thursday, February 13, 2003 9:58 AM
To: xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
Subject: RE: data protocol: was RE: [xsl] node-setting() escaped text


Hi Bryan
You can do something like that in IE.
Try:
about:<html code>

try writing this in a html page :)

 Link: <a href="about:<p><b>Teste</b></p>" target=_new>Click here</a>.<br>
 Link: <a href="about:<b>hello</b><br/><p onclick=javascript:window.open('http://www.xml.com')>hello</p>" target=_new>Click here</a>.<br>
 Link: <a href="about:<script>location.href='http://www.xml.com';</script>" target=_new>Click here</a>


-----Original Message-----
From: owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
[mailto:owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com] On Behalf Of bryan
Sent: Thursday, February 13, 2003 2:22 PM
To: xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
Subject: data protocol: was RE: [xsl] node-setting() escaped text


data:text/html,<b>hello</b>
into netscape's location bar)

why do I think this is a security problem? Hmm
data:text/html,<b>hello</b><br/><p onclick="javascript:window.open('http://www.xml.com')">hello</p>

anyway it's interesting that it wasn't done as an app, asynchronous
pluggable protocol, if it were then one could launch mozilla from within
IE by calling the protocol, on the other hand as it wasn't this opens
the way up for an ie implementation. In fact it wouldn't be difficult at
all, of course as ie has enough security bugs...



 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
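
Added example (not part of the original thread and not any poster's code): a link-target check for a page that renders untrusted href values, allowing only an explicit set of schemes so that about: and data: links like the ones quoted in this thread are rejected. The function names, the allowed-scheme set and the sample values are assumptions made for the illustration.

```javascript
// Schemes a rendered link may use. Everything else (about:, data:,
// javascript:, ...) is refused. The set itself is an assumption.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Return the lower-cased scheme of an href, or null for a relative reference.
function hrefScheme(href) {
  // Browsers strip leading/trailing control characters and spaces and drop
  // tab/CR/LF anywhere in a URL before parsing it, so a line-wrapped
  // "da\nta:" is still "data:". Normalise the same way before checking.
  const cleaned = String(href)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// True when the href may be emitted into a page served over http(s).
function isSafeHref(href) {
  const scheme = hrefScheme(href);
  // A relative reference resolves against the page's own origin.
  if (scheme === null) return true;
  return ALLOWED_SCHEMES.has(scheme);
}

// Return the subset of hrefs that must not be rendered as links.
function rejectedHrefs(hrefs) {
  return hrefs.filter((h) => !isSafeHref(h));
}

// Constructed sample input, modelled on the links quoted in the thread.
const SAMPLE_HREFS = [
  "about:<p><b>Teste</b></p>",
  "About:www.yahoo.com<b>x</b>",          // scheme match is case-insensitive
  "data:text/html,<b>hello</b>",
  " da\tta:text/html,<b>hello</b>",       // whitespace inside the scheme
  "http://www.xml.com",
  "/xsl/xsl-list",
];

console.log(rejectedHrefs(SAMPLE_HREFS));
```

The check belongs on the server or in the sanitiser that builds the markup, before the href is written into the page.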

