W3C home > Mailing lists > Public > public-wsc-wg@w3.org > March 2007

Re: ACTION-164 - Elaborate Cross Site Scripting in Wiki

From: Stuart E. Schechter <ses@ll.mit.edu>
Date: Fri, 23 Mar 2007 14:49:21 -0400
To: W3C WSC Public <public-wsc-wg@w3.org>
CC: Johnathan Nightingale <johnath@mozilla.com>
Message-ID: <C2299971.F9E5%ses@ll.mit.edu> 

I wrote:
>    This is a great improvement.  I've differentiated attacks send form data
> between sites from those that send script/HTML code between sites.  I think
> this helps clean the tree tremendously.

   After writing this email I learned that this distinction is also made in
wikipedia.  I've adopted their term for attacks that cause requests to be
impersonated/forged.

   <http://en.wikipedia.org/wiki/Cross-site_request_forgery>

   This is now appropriately reflected in the threat trees.
Received on Friday, 23 March 2007 18:50:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:46 GMT