Syndication of javascript: urls as a security window?
OK...
I don't think a lot of people are checking for this.
If someone were to create an RSS item of
<item>
<title>something shocking has happened</title>
<link>javascript:somethingBad()</link>
</item>
This somethingBad() could be a one-line JavaScript to get cookies and to create a
URL with this info and post to a site.
We should document this somewhere and encourage aggregators to remove
javascript: urls.
Thoughts?
--
Kevin A. Burton ( burton@apache.org, burton@openprivacy.org, burtonator@acm.org )
Location - San Francisco, CA, Cell - 415.595.9965
Jabber - burtonator@jabber.org, Web - http://relativity.yi.org/
Calm your fury, oh mighty lord. Whatever you may be, god or demon, please leave
us in peace.
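An added example, not part of the original message: one way an aggregator could apply the check proposed above, keeping an item's link only when its scheme is on an allowlist. The function names, the http/https allowlist and the sample feed are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the aggregator only needs web links

def safe_link(raw):
    """Return the cleaned URL if its scheme is allowlisted, else None."""
    if raw is None:
        return None
    # Browsers ignore leading/trailing control characters and spaces, and drop
    # tab/CR/LF anywhere in a URL, so normalise the same way before checking.
    url = raw.strip("".join(map(chr, range(0x21))))
    url = url.translate({9: None, 10: None, 13: None})
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # Allowlist, not a "javascript:" blocklist: data:, vbscript: etc. fail too.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url

def sanitize_feed(xml_text):
    """Parse RSS and return (title, link) pairs; link is None when rejected."""
    # Stdlib parser keeps the example self-contained; feeds from untrusted
    # sources also need a parser hardened against entity-expansion attacks.
    root = ET.fromstring(xml_text)
    out = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        out.append((title, safe_link(item.findtext("link"))))
    return out

# Constructed sample feed: one ordinary item plus variants of the item above.
SAMPLE = """<rss version="0.91"><channel>
<item><title>ordinary story</title><link>http://example.org/story/1</link></item>
<item><title>something shocking has happened</title><link>javascript:somethingBad()</link></item>
<item><title>mixed case</title><link> JaVaScRiPt:somethingBad()</link></item>
<item><title>embedded tab</title><link>java&#9;script:somethingBad()</link></item>
<item><title>other scheme</title><link>data:text/html,hello</link></item>
</channel></rss>"""

if __name__ == "__main__":
    for title, link in sanitize_feed(SAMPLE):
        print(f"{title!r}: {link or 'link removed'}")
```

The same scheme check applies to any other URL an aggregator renders from a feed, such as href and src attributes inside item descriptions shown as HTML.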