- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Sat, 27 Sep 2014 13:14:28 +0200
- To: Mathias Bynens <mathiasb@opera.com>
- Cc: Ryan Sleevi <sleevi@google.com>, Tanvi Vyas <tanvi@mozilla.com>, Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>
On Sat, Sep 27, 2014 at 12:36 PM, Mathias Bynens <mathiasb@opera.com> wrote: > On Sat, Sep 27, 2014 at 9:54 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >> I think I'm out of my depth, but why would this give access to the >> contents of the target document? > > Anything that goes over HTTP (i.e. with no HSTS kicking in) can be > sslstripped or otherwise inferfered with by a MitM attacker. Sure, that bit I understand. -- https://annevankesteren.nl/
Received on Saturday, 27 September 2014 11:14:56 UTC