Re: Seamless iframes + CSS3 selectors = bad idea from sird@rckc.at on 2009-12-06 (public-web-security@w3.org from December 2009)

From: <sird@rckc.at>
Date: Sun, 6 Dec 2009 17:40:10 +0800
To: Maciej Stachowiak <mjs@apple.com>
Cc: Adam Barth <w3c@adambarth.com>, sird@rckc.at, Ian Hickson <ian@hixie.ch>, public-web-security@w3.org
Message-ID: <8ba534860912060140v4dfd0a65m37b9204299535d58@mail.gmail.com>

its not a vulnerability.. the exploit was something like <keygen autofocus
onfocus=...

that's only allowing to auto exec js without user interaction... im not
saying it should be deleted.. it was just an example in how html5 is
bringing us new cool vectors.

-- Sent from my cellphone.

On Dec 6, 2009 5:32 PM, "Maciej Stachowiak" <mjs@apple.com> wrote:

On Dec 6, 2009, at 1:22 AM, sird@rckc.at wrote: > hi! > > I understood only
members/invited.expert...
Cn you give me an explanation of the exploit or a link to an explanation?
I'm not familiar with the issue you are referring to.

Regards,
Maciej

Received on Sunday, 6 December 2009 09:40:49 UTC