W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: XSS mitigation in browsers

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 20 Jan 2011 23:01:50 -0500
Message-ID: <4D39052E.6010607@mit.edu>
To: "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
On 1/20/11 7:10 PM, sird@rckc.at wrote:
> Here's the PoC:
> http://eaea.sirdarckcat.net/epicwin.xhtml
>
> Though, only works on xhtml :(

The fact that it works at all is a bug.

-Boris
Received on Friday, 21 January 2011 04:02:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 21 January 2011 04:02:29 GMT