PerlMonks
About Petruchio's password hash hack... It is not so bad because it only shows the encrypted pwd and can only access cookies related to Perlmonks. With current JS security, I believe that unless you send email messages, you can only talk to the server the page came from.

If I can display your cookie to you, I can send it to me. If I can get your cookie, I can log in as you.

I'm not sure what is allowed nowadays in scripts on home nodes, and I didn't go check the script in question (I'm pretty sure Petruchio is *not* sending it anywhere anyways) but the above should be true unless someone actually took a lot of time parsing and allowing certain js commands and not others. :)

You have moved into a dark place. It is pitch black. You are likely to be eaten by a grue.

In reply to Re(3): Filtering potentially dangerous URI schemas in <a href="..."> by Dog and Pony