[whatwg] Security attacks on local storage

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 20 Feb 2009 22:15:44 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0902202215020.6186@hixie.dreamhostps.com>

On Fri, 20 Feb 2009, David Gerard wrote:
>
> http://research.zscaler.com/2009/02/practical-example-of-cssqli-using.html 
> http://it.slashdot.org/article.pl?sid=09/02/19/2055210

As Anne noted, this appears to be a bogus claim. I do not intend to change 
the spec here. If anyone sees an actual localStorage threat here, please 
let me know.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 20 February 2009 14:15:44 UTC
