W3C home > Mailing lists > Public > public-web-security@w3.org > August 2012

Re: http client side security issues

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 27 Aug 2012 10:59:36 -0700
Message-ID: <CAJE5ia_6_+rO==-L4Zpkr7edwZh5oK-Znf6eN+cCJ4PNC6m+4g@mail.gmail.com>
To: yuming huang <http.client.security@hotmail.com>
Cc: public-web-security@w3.org
You might not get the kinds of responses you're looking for from this
mailing list.  You might find better information from OWASP:

https://www.owasp.org/

Adam


On Fri, Aug 24, 2012 at 2:06 PM, yuming huang
<http.client.security@hotmail.com> wrote:
> Hi,
>
> The following questions are about current HTML standard (HTML 4.0, 4.1,
> 5.0?), as well as actual implementations (Internet Explorer, Firefox,
> Chrome).
>
> 1. Is silent download other than the HTML file itself allowed?  How does it
> work if possible?   How to prevent it from happening?
> For example(IE), a user types in a url and hits enter key. IE renders a web
> page (user sees it) and downloads a binary file silently to user's PC (user
> does not know).  Later the binary gets to run.
>
> 2. What are the means for web server to collect infomation from a web client
> user?  Form, Cookie, browser signature...
>
>
> I searched http://lists.w3.org/Archives/Public/public-web-security/  but
> found no result.
>
>
> Thanks!
>
>
Received on Monday, 27 August 2012 18:00:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 August 2012 18:00:40 GMT