W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Seamless iframes + CSS3 selectors = bad idea

From: Daniel Glazman <daniel@glazman.org>
Date: Mon, 07 Dec 2009 21:36:12 +0100
Message-ID: <4B1D673C.2090800@glazman.org>
To: Adam Barth <w3c@adambarth.com>
Cc: public-web-security@w3.org
Adam Barth wrote:

> I would encourage you to read the full thread before responding.  A
> more compelling risk is the theft of secret tokens used to protect
> against CSRF.  Those are stored in the default value of attributes of
> input elements.

I just started reading the thread. But it really starts with a false
hypothesis and I replied to that. Let me explore the rest of the thread.
After all, you did not get the whole thread yourself at the same moment,
did you?

</Daniel>
Received on Monday, 7 December 2009 20:36:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT