- From: andre John Mas <ajmas@sympatico.ca>
- Date: Wed, 03 Dec 2008 14:08:54 -0500
- To: benl@google.com, mnot@mnot.net
- Cc: eran@hueniverse.com, www-talk@w3.org, jar@creativecommons.org
>On Wed, Dec 3, 2008 at 12:58 PM, Mark Nottingham <mnot@mnot.net> wrote: > > On 03/12/2008, at 11:32 PM, Ben Laurie wrote: > >> There are standards for XSS??? > > > > There's a de facto standard in the browsers (same origin), and these >folks > > are working towards something more formal, maybe; > > http://www.w3.org/2006/WSC/ > >Same origin policy isn't really all that much to do with cross-site >scripting, surely? > With regards to same origin policy, is there any consideration for file:/// based stuff, since there is currently an open issue in the Mozilla bug database: https://bugzilla.mozilla.org/show_bug.cgi?id=397894 If there is a w3c recommendation on how to deal with this it would be useful. Andre
Received on Wednesday, 3 December 2008 19:09:42 UTC