Jump to content
moubik

ff3 cross domain scripting ?

By moubik, in Exploituri

Recommended Posts

moubik Newbie

moubik

Posted
Posted

deci tipul asta spune ca a implementat cross domain scripting in firefox 3

http://ejohn.org/blog/cross-site-xmlhttprequest/

initial se puteau face cross domain requests dar s-a scos pentru ca este un mare security issue

un retard se intreaba de ce a fost scos acest feature de la inceput

http://ajaxian.com/archives/cross-site-xmlhttprequest-in-firefox-3

What exactly is the reason we need this? Has anybody here really understood why XMLHttp is currently limited to one host and cannot communicate cross-domain? I really do not understand that. If XMLHttp cannot do this by default, why it is still possible to load scripts and images from other servers? Why can I do exactly the same type of cross-domain communication using Flash, maybe using Silverlight in the future? What is the original reason for this limitation? Is this documented anywhere?

daca cineva nu ii opreste pe astia cu un singur xss in orice site (nu neaparat in yahoo sau google) poti sa citesti mailurile oamenilor de oriunde (yahoo, google).

sa modifici informatii personale, sa faci csrf bypass...

e o gluma, nu ?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...