- From: <robert@webappsec.org>
- Date: Fri, 28 Jan 2011 16:50:31 -0500 (EST)
- To: bzbarsky@MIT.EDU (Boris Zbarsky)
- Cc: w3c@adambarth.com (Adam Barth), public-web-security@w3.org
> Does allowing attackers to rewrite the text on your page (but not run > any script) have security impact? Yes, this can allow for content spoofing depending on the reflection point. http://projects.webappsec.org/w/page/13246917/Content-Spoofing Regards, - Robert Auger http://www.webappsec.org/ http://www.cgisecurity.com/ http://www.qasec.com/
Received on Saturday, 29 January 2011 22:19:01 UTC