xsl-list
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: data protocol: was RE: node-setting() escaped text

2003-02-13 09:22:00
from [Marty McKeever] [Permanent Link] 
yeah there was a nice security issue on this one, allowing you to read other
peoples cookies.  something along the lines of

about:www.yahoo.com<script>alert(document.cookies)</script>

would fool IE into thinking that the result was a document on the yahoo.com
domain and therefore safe to read/write yahoos cookies.




-----Original Message-----
From: owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
[mailto:owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com]On Behalf Of 
Américo
Albuquerque
Sent: Thursday, February 13, 2003 9:58 AM
To: xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
Subject: RE: data protocol: was RE: [xsl] node-setting() escaped text


Hi Bryan
You can do something like that in IE.
Try:
about:<html code>

try writing this in a html page :)

 Link: <a href="about:<p><b>Teste</b></p>" target=_new>Click
here</a>.<br>
 Link: <a href="about:<b>hello</b><br/><p
onclick=javascript:window.open('http://www.xml.com')>hello</p>"
target=_new>Click here</a>.<br>
 Link: <a
href="about:<script>location.href='http://www.xml.com';</script>"
target=_new>Click here</a>


-----Original Message-----
From: owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
[mailto:owner-xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com] On Behalf Of 
bryan
Sent: Thursday, February 13, 2003 2:22 PM
To: xsl-list(_at_)lists(_dot_)mulberrytech(_dot_)com
Subject: data protocol: was RE: [xsl] node-setting() escaped text



data:text/html,<b>hello</b>
into netscape's location bar)


why do I think this is a security problem? Hmm
data:text/html,<b>hello</b><br/><p
onclick="javascript:window.open('http://www.xml.com')">hello</p>

anyway it's interesting that it wasn't done as an app, asynchronous
pluggable protocol, if it were then one could launch mozilla from within
IE by calling the protocol, on the other hand as it wasn't this opens
the way up for an ie implementation. In fact it wouldn't be difficult at
all, of course as ie has enough security bugs...



 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list





 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: node-setting() escaped text, Marty McKeever
Next by Date:  MSIE - XSL transform -> .innerHTML; images not caching, Shenan Hawkins
Previous by Thread:  Re: data protocol: was RE: node-setting() escaped text, David Carlisle
Next by Thread:  RE: data protocol (off topic, just to clarify), Américo Albuquerque
Indexes:  [Date] [Thread] [Top] [All Lists]