[Kazehakase-devel 2935] Re: CVE-2007-1084 bookmarklets cross-site info disclosure


Yavor Doganov yavor****@gnu*****
Mon Nov 16 01:14:40 JST 2009


Явор Доганов wrote:
> > ... But when bookmarking the uri, the user is seeing the uri once
> > anyway?
> 
> Yes.  The problem is when (the common case) the user is not familiar
> with the implications.

Also, it appears that there are cases when the website can spawn a
dialog inviting the user to bookmark the page, so it is not 100%
certain that the URI will be visible.  I'm not even sure this works
with Kz; I don't recall ever visiting such a nefarious webpage.



