[xsl] RE: data protocol (off topic, just to clarify)

Subject: [xsl] RE: data protocol (off topic, just to clarify)
From: Américo Albuquerque <aalbuquerque@xxxxxxxxxxxxxxxx>
Date: Fri, 14 Feb 2003 13:56:22 -0000
Not quite. About:www.yahoo.com<script>…</script> will write the string
"www.yahoo.com" and execute the script. About is always (at least to my
understanding) local, never connects to another domain.


-----Original Message-----
From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx
[mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Marty McKeever
Sent: Thursday, February 13, 2003 4:22 PM
To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: data protocol: was RE: [xsl] node-setting() escaped text

yeah there was a nice security issue on this one, allowing you to read
other people's cookies.  something along the lines of

about:www.yahoo.com<script>alert(document.cookies)</script>

would fool IE into thinking that the result was a document on the
yahoo.com domain and therefore safe to read/write yahoo's cookies.



> -----Original Message-----
> From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Américo Albuquerque
> Sent: Thursday, February 13, 2003 9:58 AM
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: RE: data protocol: was RE: [xsl] node-setting() escaped text
>
>
> Hi Bryan
> You can do something like that in IE.
> Try:
> about:<html code>
>
> try writing this in a html page :)
>
>  Link: <a href="about:<p><b>Teste</b></p>" target=_new>Click
> here</a>.<br>
>  Link: <a href="about:<b>hello</b><br/><p
> onclick=javascript:window.open('http://www.xml.com')>hello</p>"
> target=_new>Click here</a>.<br>
>  Link: <a
> href="about:<script>location.href='http://www.xml.com';</script>"
> target=_new>Click here</a>
>
>
> -----Original Message-----
> From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of bryan
> Sent: Thursday, February 13, 2003 2:22 PM
> To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
> Subject: data protocol: was RE: [xsl] node-setting() escaped text
>
>
> >data:text/html,<b>hello</b>
> >into netscape's location bar)
>
> why do I think this is a security problem? Hmm
> data:text/html,<b>hello</b><br/><p
> onclick="javascript:window.open('http://www.xml.com')">hello</p>
>
> anyway it's interesting that it wasn't done as an app, asynchronous
> pluggable protocol, if it were then one could launch mozilla from within
> IE by calling the protocol, on the other hand as it wasn't this opens
> the way up for an ie implementation. In fact it wouldn't be difficult at
> all, of course as ie has enough security bugs...
>
>
>
>  XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
>
>
 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list
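
An allowlist check for link targets in untrusted markup, added here as an illustration of how a filter can reject about: and data: hrefs like the ones quoted in this thread (it is not code from any poster). The SAFE_SCHEMES policy and the function names are assumptions, and the sample hrefs are constructed from the links above.

```javascript
// Assumed policy: only these schemes may appear in links from untrusted markup.
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);

// Returns the lower-cased scheme of an href, or null for a relative URL.
function hrefScheme(href) {
  // Browsers strip leading/trailing C0 controls and spaces, and drop
  // tab/CR/LF anywhere in the string, before they parse the scheme.
  // A filter that skips this step can be bypassed by " AbOuT:" or "da\tta:".
  const cleaned = href
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Relative URLs (no scheme) stay on the current origin and are allowed.
function isSafeHref(href) {
  const scheme = hrefScheme(href);
  return scheme === null || SAFE_SCHEMES.has(scheme);
}

// Constructed sample input, modelled on the links quoted in the thread.
const samples = [
  "about:<p><b>Teste</b></p>",
  "data:text/html,<b>hello</b>",
  " AbOuT:<b>hello</b>",
  "da\tta:text/html,<b>hello</b>",
  "http://www.xml.com",
  "xsl/xsl-list",
];

// One record per href: what the browser would see, and the verdict.
function auditLinks(hrefs) {
  return hrefs.map((h) => ({ href: h, scheme: hrefScheme(h), safe: isSafeHref(h) }));
}

console.log(auditLinks(samples));
```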

