W3C home > Mailing lists > Public > public-web-security@w3.org > January 2011

Re: XSS mitigation in browsers

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 20 Jan 2011 23:01:50 -0500
Message-ID: <4D39052E.6010607@mit.edu>
To: "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
On 1/20/11 7:10 PM, sird@rckc.at wrote:
> Here's the PoC:
> http://eaea.sirdarckcat.net/epicwin.xhtml
>
> Though, only works on xhtml :(

The fact that it works at all is a bug.

-Boris
Received on Friday, 21 January 2011 04:02:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:25 UTC