W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Seamless iframes + CSS3 selectors = bad idea

From: <sird@rckc.at>
Date: Sun, 6 Dec 2009 17:40:10 +0800
Message-ID: <8ba534860912060140v4dfd0a65m37b9204299535d58@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Adam Barth <w3c@adambarth.com>, sird@rckc.at, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
its not a vulnerability.. the exploit was something like <keygen autofocus

that's only allowing to auto exec js without user interaction... im not
saying it should be deleted.. it was just an example in how html5 is
bringing us new cool vectors.

-- Sent from my cellphone.

On Dec 6, 2009 5:32 PM, "Maciej Stachowiak" <mjs@apple.com> wrote:

On Dec 6, 2009, at 1:22 AM, sird@rckc.at wrote: > hi! > > I understood only
Cn you give me an explanation of the exploit or a link to an explanation?
I'm not familiar with the issue you are referring to.

Received on Sunday, 6 December 2009 09:40:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:17 UTC