Pages: 12
[color=blue][b]Description:[/b][/color] Actually our current js linker, especially the one on the current generator has a security hole that makes people be able put some kinda malicious script by ins
You are viewing a post by switpotato. View all 27 posts in [color=blue][b]Description:[/b][/color] Actually our current js linker, especially the one on the current generator has a security hole that makes people be able put some kinda malicious script by ins.
2008-06-29 01:21:41
- switpotato
- » FTalkGeek
1027
0
1969-12-31
[color=blue][b]Description:[/b][/color] Actually our current js linker, especially the one on the current generator has a security hole that makes people be able put some kinda malicious script by ins
[quote=November]Notice this part on the generated code..
<a href='URL OF JS' id='cradle'></a>
that's the thing.. u can actually insert the same id on comment usually by inserting fake image with js on it.[/quote]
i dont really understand this part how come a link can execute js...
aint that incomplete...
and since script cant be read without any convertion since fs filtered that part...
i think theres nothing to worry unless some wicked
individuals will try to find out.. but since this thread is open.. then u juz gave away a hint...
 |