W3C home > Mailing lists > Public > public-wsc-wg@w3.org > October 2007

Re: ISSUE-110: POST triggered via JavaScript [Techniques]

From: Yngve N. Pettersen <yngve@opera.com>
Date: Tue, 02 Oct 2007 13:30:49 -0500
To: "Web Security Context Working Group WG" <public-wsc-wg@w3.org>
Message-ID: <op.tzk1pnu9kvaitl@lessa-ii.elevennetworks.com>

On Tue, 02 Oct 2007 10:57:33 -0500, Web Security Context Working Group  
Issue Tracker <sysbot+tracker@w3.org> wrote:

>
> ISSUE-110: POST triggered via JavaScript [Techniques]
>
> http://www.w3.org/2006/WSC/track/issues/
>
> Raised by: Thomas Roessler
> On product: Techniques
>
> JavaScript can trigger unsafe HTTP methods (POST, ...).  This practice  
> has legitimate usage (e.g., SAML).
>
> Should there be any recommendations on that?

I think Plugins should be considered as part of this.

While a plugin may, in one way, be considered part of the user agent, in  
other respects (IMO the more important ones) it is an independent  
secondary user agent the perform certain tasks through the primary user  
agent. However, the primary UA have limited knowledge about and control  
over what the secondary agent can do.



-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
Received on Tuesday, 2 October 2007 18:31:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:51 GMT