W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

Re: XSS out of scope

From: Shawn Duffy <sduffy@aol.net>
Date: Thu, 05 Apr 2007 10:44:13 -0400
Message-ID: <46150B3D.3020201@aol.net>
To: "Close, Tyler J." <tyler.close@hp.com>
CC: public-wsc-wg@w3.org

Does this also include phishing that is only made possible via XSS, such
as a "trusted" site that has been injected with a fake login form via
XSS?  Is that also out of scope?  Just want to make sure I'm clear where
we're drawing the boundary...


Close, Tyler J. wrote:
> I've added a new Out of scope section to our Note to cover XSS attacks.
> See:
> 
> http://www.w3.org/2006/WSC/drafts/note/#XSS
> 
> This edit addresses ACTION-160
> 
> Tyler
> 
Received on Thursday, 5 April 2007 14:44:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT