Re: Origin enables XSS to escalate to XSRF (was: security issue with XMLHttpRequest API compatibility) from Mark S. Miller on 2009-06-07 (www-tag@w3.org from June 2009)

From: Mark S. Miller <erights@google.com>
Date: Sun, 7 Jun 2009 15:53:36 -0700
To: Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>, Arthur Barstow <art.barstow@nokia.com>, Thomas Roessler <tlr@w3.org>, Tyler Close <tyler.close@gmail.com>, Jonas Sicking <jonas@sicking.cc>, "General discussions concerning capability systems." <cap-talk@mail.eros-os.org>, Google Caja Discuss <google-caja-discuss@googlegroups.com>, Douglas Crockford <douglas@crockford.com>, Tyler Close <tyler@waterken.com>, Collin Jackson <collinj@cs.stanford.edu>, Collin Jackson <collin.jackson@gmail.com>, David Wagner <daw@cs.berkeley.edu>, www-tag@w3.org
Message-ID: <4d2fac900906071553u1dbc9702u554a59bf9e81efe9@mail.gmail.com>

I started this thread with a large recipient list so that others I expect to
be interested would be aware of it. All further messages on this thread
should occur only on <public-webapps@w3.org>. I will direct all my further
replies only there.

Sorry for any unnecessary or inappropriate noise.

-- 
   Cheers,
   --MarkM

Received on Sunday, 7 June 2009 22:54:21 UTC