W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2005

[whatwg] <a href="" ping="">

From: Charles Iliya Krempeaux <supercanadian@gmail.com>
Date: Wed, 26 Oct 2005 13:13:02 -0700
Message-ID: <84ce626f0510261313o7f0d2322gf30b990a0b4cbdb@mail.gmail.com>
Hello,

On 10/25/05, Jasper Bryant-Greene <jasper at album.co.nz> wrote:
> On Tue, 2005-10-25 at 14:24 -0700, Charles Iliya Krempeaux wrote:
> > With web browsers, there are only 2 ways of doing a POST.  (At least
> > only 2 ways I can think up right now :-)  )
> >
> > #1 is though an HTML form.  When a user submits an HTML form, they are
> > fully aware of it.  And the browser has a chance to tell the user they
> > are POST'ing to another domain.  (Which could be a social hack
> > attempt.)
>
> Yes, but look:
>
> <form action="http://example.com/delete" method="post" id="deleteForm">
>         <input type="hidden" name="photoID" id="93872">
>         <input type="hidden" name="sid" id="oihsd8f9u238f3feswfsdf">
> </form>
>
> <script type="text/javascript">
>         window.onload = function() {
>                 document.getElementById('deleteForm').submit();
>         }
> </script>
>
> No current browser I tested displays a warning. Most display it once,
> the first time a POST is actioned after the browser is installed, but
> default to never displaying it again.

That's a good point.


See ya

--
     Charles Iliya Krempeaux, B.Sc.

     charles @ reptile.ca
     supercanadian @ gmail.com

     developer weblog: http://ChangeLog.ca/
___________________________________________________________________________
 Never forget where you came from
Received on Wednesday, 26 October 2005 13:13:02 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:43 UTC