[Bug 13586] [html5] Input attributes allow form tampering from bugzilla@jessica.w3.org on 2011-08-03 (public-html-bugzilla@w3.org from August 2011)

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Aug 2011 22:59:24 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1QokPM-00026B-Qm@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13586

Kornel Lesinski <kornel@geekhood.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kornel@geekhood.net

--- Comment #1 from Kornel Lesinski <kornel@geekhood.net> 2011-08-03 22:59:23 UTC ---
How would attacker get that input on a page in a first place? 

If the assumption is that pages fail to escape user-supplied data or use flawed
input filtering, then there is a lot of other ways to inject form-hijacking
scripts.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 3 August 2011 22:59:25 UTC