- From: <sird@rckc.at>
- Date: Mon, 3 May 2010 21:14:45 -0500
- To: public-web-security@w3.org
- Cc: Julian Reschke <julian.reschke@gmx.de>, Ian Hickson <ian@hixie.ch>, Maciej Stachowiak <mjs@apple.com>
Received on Tuesday, 4 May 2010 02:15:39 UTC
Hello,

I think there's a problem with text/html-sandboxed, especially the fact that plugins like Java and Flash will load content even if it has the wrong Content-Type headers.

<applet code=Lolz archive=http://victim/sandboxed> could be used to communicate with the victim's server and get cookies/etc.

Also <embed src=http://victim/sandboxed>

Also, what about (for example) -moz-binding in Mozilla, and similar objects that don't expect HTML? HTML is not the only active content...

Greetings!!

-- Eduardo
http://www.sirdarckcat.net/
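
A server-side check related to the point raised in this message, as an added example that is not part of the original post: before storing content that will be served as text/html-sandboxed, test whether the same bytes also parse as a format a plugin would load regardless of Content-Type. The function names, the choice of formats (SWF and JAR/ZIP) and the sample inputs are assumptions made for this illustration.

```python
import io
import zipfile

# First three bytes of a Flash movie: uncompressed, zlib and LZMA variants.
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")


def plugin_formats(body: bytes) -> list:
    """Return the plugin-loadable formats that `body` also parses as."""
    found = []
    if body[:3] in SWF_MAGIC:
        found.append("swf")
    # A JAR is a ZIP archive, and ZIP readers locate the directory from the
    # END of the file, so leading HTML does not stop the bytes being an archive.
    buf = io.BytesIO(body)
    if zipfile.is_zipfile(buf):
        try:
            with zipfile.ZipFile(buf) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            names = []  # directory is damaged, but still treat it as an archive
        found.append("jar" if any(n.endswith(".class") for n in names) else "zip")
    return found


def make_sample_archive() -> bytes:
    """Constructed sample: HTML followed by an archive with a dummy class entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Lolz.class", b"constructed placeholder, not real bytecode")
    return b"<p>user comment</p>\n" + buf.getvalue()


if __name__ == "__main__":
    samples = [("plain html", b"<p>hello from a sandboxed comment</p>"),
               ("html + archive", make_sample_archive()),
               ("swf header", b"FWS\x0a" + b"\x00" * 32)]
    for label, body in samples:
        hits = plugin_formats(body)
        print(label, "->", "reject: " + ",".join(hits) if hits else "ok")
```

A check like this only covers the formats it knows about; it does not address other non-HTML consumers such as the -moz-binding case mentioned in the message.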