- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 19 Mar 2009 07:29:34 +0000 (UTC)
- To: Alexey Proskuryakov <ap@webkit.org>
- Cc: Jonas Sicking <jonas@sicking.cc>, public-webapps <public-webapps@w3.org>
On Thu, 19 Mar 2009, Alexey Proskuryakov wrote: > > In fact, it seems very likely that even timing of preflight requests > makes port scans possible, but I don't have any data to support this > theory. Port scans are already possible with unscripted HTML using <img> elements and <meta http-equiv="refresh">, and are certainly already possible with <img> elements and onload=""/onerror="" events. We lost this particular battle a decade and a half ago when nobody was looking. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 19 March 2009 07:30:12 UTC