cross-site-scripting gap

karlsebal
Posts: 1
Joined: Tue Mar 27, 2012 11:15 am

cross-site-scripting gap

Post by karlsebal »

There is some security issue you might have an eye on. I don't know if there is an effective way for protection in this case. Please check http://www.heise.de/security/artikel/Pa ... 0910.html# There is a link named "demo" (in the first paragraph, captioned "Eine kleine Demo") - click it and you get to a site where you are asked to enter a username and password - do so and the calling site will show you the password. It is a simple trick; I don't know if you are aware of this and able to implement protection against it in NoScript.

Thanks for NoScript, anyway
Greetings
Karl
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0
Giorgio Maone
Site Admin
Posts: 9527
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: cross-site-scripting gap

Post by Giorgio Maone »

Actually, NoScript has been the very first tool to provide protection against XSS (notice that Heise's demo is not correct, because it's not cross-site).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0