W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Seamless iframes + CSS3 selectors = bad idea

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 7 Dec 2009 12:39:32 -0800
Message-ID: <7789133a0912071239q1cf33fdfhaf9160a3f20232b8@mail.gmail.com>
To: Daniel Glazman <daniel@glazman.org>
Cc: public-web-security@w3.org
On Mon, Dec 7, 2009 at 12:36 PM, Daniel Glazman <daniel@glazman.org> wrote:
> Adam Barth wrote:
>> I would encourage you to read the full thread before responding.  A
>> more compelling risk is the theft of secret tokens used to protect
>> against CSRF.  Those are stored in the default value of attributes of
>> input elements.
> I just started reading the thread. But it really starts with a false
> hypothesis and I replied to that. Let me explore the rest of the thread.
> After all, you did not get the whole thread yourself at the same moment,
> did you?

Indeed not.  However, your email repeats points that were already made
later in the thread and understood.

Received on Monday, 7 December 2009 20:40:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:23 UTC