- From: Charles Iliya Krempeaux <supercanadian@gmail.com>
- Date: Wed, 26 Oct 2005 13:13:02 -0700
Hello,
On 10/25/05, Jasper Bryant-Greene <jasper at album.co.nz> wrote:
> On Tue, 2005-10-25 at 14:24 -0700, Charles Iliya Krempeaux wrote:
> > With web browsers, there are only 2 ways of doing a POST. (At least
> > only 2 ways I can think up right now :-) )
> >
> > #1 is though an HTML form. When a user submits an HTML form, they are
> > fully aware of it. And the browser has a chance to tell the user they
> > are POST'ing to another domain. (Which could be a social hack
> > attempt.)
>
> Yes, but look:
>
> <form action="http://example.com/delete" method="post" id="deleteForm">
> <input type="hidden" name="photoID" id="93872">
> <input type="hidden" name="sid" id="oihsd8f9u238f3feswfsdf">
> </form>
>
> <script type="text/javascript">
> window.onload = function() {
> document.getElementById('deleteForm').submit();
> }
> </script>
>
> No current browser I tested displays a warning. Most display it once,
> the first time a POST is actioned after the browser is installed, but
> default to never displaying it again.
That's a good point.
See ya
--
Charles Iliya Krempeaux, B.Sc.
charles @ reptile.ca
supercanadian @ gmail.com
developer weblog: http://ChangeLog.ca/
___________________________________________________________________________
Never forget where you came from
Received on Wednesday, 26 October 2005 13:13:02 UTC