W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Seamless iframes + CSS3 selectors = bad idea

From: <sird@rckc.at>
Date: Sun, 6 Dec 2009 17:40:10 +0800
Message-ID: <8ba534860912060140v4dfd0a65m37b9204299535d58@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Adam Barth <w3c@adambarth.com>, sird@rckc.at, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
its not a vulnerability.. the exploit was something like <keygen autofocus
onfocus=...

that's only allowing to auto exec js without user interaction... im not
saying it should be deleted.. it was just an example in how html5 is
bringing us new cool vectors.

-- Sent from my cellphone.

On Dec 6, 2009 5:32 PM, "Maciej Stachowiak" <mjs@apple.com> wrote:

On Dec 6, 2009, at 1:22 AM, sird@rckc.at wrote: > hi! > > I understood only
members/invited.expert...
Cn you give me an explanation of the exploit or a link to an explanation?
I'm not familiar with the issue you are referring to.

Regards,
Maciej
Received on Sunday, 6 December 2009 09:40:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT