On 12/17/09 5:19 AM, timeless wrote: > from memory the other concern people had was the ability for a site to do: > > @import url(https://bank.com/balance.cgi); > > and then interrogate the unknown rules to recover the web page. > > I take it that people have solved this problem and are no longer worried? Gecko throws a security exception on attempts to get the rule list of a stylesheet that's not same-origin with the calling script, to prevent interrogation of things that even happen to look like known rules. Can't speak to what other browsers do. -BorisReceived on Thursday, 17 December 2009 18:41:11 UTC
This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:07:41 UTC