>On Wed, Dec 3, 2008 at 12:58 PM, Mark Nottingham <mnot@mnot.net> wrote: > > On 03/12/2008, at 11:32 PM, Ben Laurie wrote: > >> There are standards for XSS??? > > > > There's a de facto standard in the browsers (same origin), and these >folks > > are working towards something more formal, maybe; > > http://www.w3.org/2006/WSC/ > >Same origin policy isn't really all that much to do with cross-site >scripting, surely? > With regards to same origin policy, is there any consideration for file:/// based stuff, since there is currently an open issue in the Mozilla bug database: https://bugzilla.mozilla.org/show_bug.cgi?id=397894 If there is a w3c recommendation on how to deal with this it would be useful. AndreReceived on Wednesday, 3 December 2008 19:09:42 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:38:52 GMT