W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

Re: XSS out of scope

From: Shawn Duffy <sduffy@aol.net>
Date: Thu, 05 Apr 2007 10:44:13 -0400
Message-ID: <46150B3D.3020201@aol.net>
To: "Close, Tyler J." <tyler.close@hp.com>
CC: public-wsc-wg@w3.org

Does this also include phishing that is only made possible via XSS, such
as a "trusted" site that has been injected with a fake login form via
XSS?  Is that also out of scope?  Just want to make sure I'm clear where
we're drawing the boundary...

Close, Tyler J. wrote:
> I've added a new Out of scope section to our Note to cover XSS attacks.
> See:
> http://www.w3.org/2006/WSC/drafts/note/#XSS
> This edit addresses ACTION-160
> Tyler
Received on Thursday, 5 April 2007 14:44:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:36:44 UTC