W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > August 2011

[Bug 13586] [html5] Input attributes allow form tampering

From: <bugzilla@jessica.w3.org>
Date: Wed, 03 Aug 2011 22:59:24 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1QokPM-00026B-Qm@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=13586

Kornel Lesinski <kornel@geekhood.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kornel@geekhood.net

--- Comment #1 from Kornel Lesinski <kornel@geekhood.net> 2011-08-03 22:59:23 UTC ---
How would attacker get that input on a page in a first place? 

If the assumption is that pages fail to escape user-supplied data or use flawed
input filtering, then there is a lot of other ways to inject form-hijacking
scripts.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Wednesday, 3 August 2011 22:59:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:16 UTC