W3C home > Mailing lists > Public > www-validator@w3.org > February 2005

302 redirect bypasses security and allows validation of pages on localhost

From: David Dorward <david@dorward.me.uk>
Date: Mon, 21 Feb 2005 20:58:20 +0000
To: www-validator@w3.org
Message-ID: <20050221205820.GF29347@us-lot.org>


Rick -Gilligan- Uschold's post raises an issue. Presumably to avoid
exposing internal servers to the public, the validator rejects
attempts to validate http://localhost/. By issuing a 302 redirect from
a remote site, users can bypass this.

-- 
David Dorward                                      http://dorward.me.uk

Received on Monday, 21 February 2005 20:58:22 GMT

This message: [ Message body ]
Next message: Ville Skyttä: "Re: 302 redirect bypasses security and allows validation of pages on localhost"
Previous message: Ville Skyttä: "Re: Validator checks the WRONG web page"
In reply to: Rick -Gilligan- Uschold: "Validator checks the WRONG web page"
Next in thread: Ville Skyttä: "Re: 302 redirect bypasses security and allows validation of pages on localhost"
Reply: Ville Skyttä: "Re: 302 redirect bypasses security and allows validation of pages on localhost"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 April 2009 13:05:52 GMT