W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2013

ISSUE-44: Same-origin policy identity query via script-hash. issue is you do a third party inline script with a known script-hash. if it succeeds, you know that the target was as expected, even though you can't read it

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Tue, 26 Feb 2013 22:41:45 +0000
Message-Id: <E1UATDV-00030t-8w@crusher.w3.org>
To: public-webappsec@w3.org
ISSUE-44: Same-origin policy identity query via script-hash. issue is you do a third party inline script with a known script-hash. if it succeeds, you know that the target was as expected, even though you can't read it

http://www.w3.org/2011/webappsec/track/issues/44

Raised by: 
On product: 
Received on Tuesday, 26 February 2013 22:41:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 26 February 2013 22:41:46 GMT