- From: <bugzilla@jessica.w3.org>
- Date: Tue, 12 Apr 2011 08:35:06 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12469

--- Comment #6 from Simon <simon.young90@live.com> 2011-04-12 08:35:05 UTC ---

Thanks Henri,

However, with respect, I think you have misinterpreted the idea of this exploit. The recvPayload function is in fact part of the injected code. Though I could validate the origin of messages so that it can only be exploited by my server, I have not done so in the case of this example. You could add an extra line to validate the message by cross-checking it with the iFrame.

Thanks,
Simon

--
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 12 April 2011 08:35:08 UTC