- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 22 Mar 2006 09:45:42 +0100
- To: Jason Crawford <nn683849@smallcue.com>
- CC: w3c-dist-auth@w3.org
Jason Crawford wrote:
>
> On Tuesday, 03/21/2006 at 03:32 CET, Julian Reschke
> <nnjulian.reschke___at___gmx.de@smallcue.com> wrote:
> > Hi,
> >
> > I think that Kevin is correct that this is a new type of attack not
> > discussed before, although I think it's misleading to call it an XSS
> > attack.
> >
> > I have opened a BugZilla issue for it
> > (<http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=237>). Once we
> > have consensus that this is a real problem, we need to discuss what to
> > say in the Security Considerations section.
>
> From viruses, to spam, to copyrighted art,
> to offensive material, this is a pervasive issue that
> people should already be aware of.
> I don't think WebDAV adds much new here and I don't think it's
> necessary for the webdav spec to take responsibility for warning
> people about letting people or zombies put inappropriate content
> in public places.

Jason,

the big difference here is that the vulnerability is with HTML content even in the absence of any browser bug. I really think this is different from the other stuff.

Best regards, Julian
Received on Wednesday, 22 March 2006 08:47:02 UTC