
Re: Seamless iframes + CSS3 selectors = bad idea

From: Daniel Glazman <daniel@glazman.org>
Date: Mon, 07 Dec 2009 21:36:12 +0100
Message-ID: <4B1D673C.2090800@glazman.org>
To: Adam Barth <w3c@adambarth.com>
Cc: public-web-security@w3.org

Adam Barth wrote:

> I would encourage you to read the full thread before responding.  A
> more compelling risk is the theft of secret tokens used to protect
> against CSRF.  Those are stored in the default value of attributes of
> input elements.

I just started reading the thread. But it really starts with a false
hypothesis and I replied to that. Let me explore the rest of the thread.
After all, you did not get the whole thread yourself at the same moment,
did you?

Received on Monday, 7 December 2009 20:36:52 UTC
