W3C home > Mailing lists > Public > www-validator@w3.org > February 2005

Re: 302 redirect bypasses security and allows validation of pages on localhost

From: Ville Skyttä <ville.skytta@iki.fi>
Date: Mon, 21 Feb 2005 23:42:34 +0200
To: david@dorward.me.uk
Cc: www-validator@w3.org
Message-Id: <1109022154.6386.258.camel@bobcat.mine.nu>

On Mon, 2005-02-21 at 20:58 +0000, David Dorward wrote:
> Rick -Gilligan- Uschold's post raises an issue. Presumably to avoid
> exposing internal servers to the public, the validator rejects
> attempts to validate http://localhost/. By issuing a 302 redirect from
> a remote site, users can bypass this.

Known issue, assigned to me.  I'm trying to find time to fix that RSN.
Received on Monday, 21 February 2005 21:42:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:14:18 GMT