W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

Re: [XHR2] Upload progress events and simple cross-origin requests

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 19 Mar 2009 07:29:34 +0000 (UTC)
To: Alexey Proskuryakov <ap@webkit.org>
Cc: Jonas Sicking <jonas@sicking.cc>, public-webapps <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.62.0903190727590.2690@hixie.dreamhostps.com>
On Thu, 19 Mar 2009, Alexey Proskuryakov wrote:
> In fact, it seems very likely that even timing of preflight requests 
> makes port scans possible, but I don't have any data to support this 
> theory.

Port scans are already possible with unscripted HTML using <img> elements 
and <meta http-equiv="refresh">, and are certainly already possible with 
<img> elements and onload=""/onerror="" events. We lost this particular 
battle a decade and a half ago when nobody was looking.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 19 March 2009 07:30:12 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:14 UTC