Subject: Re: How to prevent malicious linking/posting to webapps?
From: Pluto (plutoSTDERR.DE)
Date: Tue Sep 12 2000 - 14:02:56 CDT


On Mon, Sep 11, 2000 at 11:24:50PM +0200, Bluefish (P.Magnusson) wrote:

> Btw, any JavaScript expert know what happens when you have a 100%x100%
> frame, and you, as an example, add a site such as hotmail.com in the
> frame's URL? Wouldn't the script be able to extract information such as
> current URL in the frame?

  If the frame is not owned by the script (same site) then it will not be
able to read any information from it. In theory. As Guninski has pointed
out a few times, it is sometimes possible, depending on the browser and
its version.

  Cheers

  Christoph Puppe

--
  /* Defcom Security GmbH     ||  Net:    www.defcom-sec.de      */
  /* Arndtstr. 34             ||  Tel:    +49-30-61650-0         */
  /* D-10965 Berlin           ||  Fax:    +49-30-61650-555       */
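
The rule described in the reply above, modelled as an added example that is not part of the original message: a script may read a frame's properties only when the scheme, host and port of the two documents match. The function names and sample URLs are constructed for illustration, and the comparison uses the standard WHATWG `URL` API found in Node.js and current browsers.

```javascript
// Added example: models the same-origin comparison applied before a script
// is allowed to read a frame's properties (for example its current URL).
// originOf/canReadFrame and the sample URLs are constructed for illustration.

// Return the scheme://host:port origin of a URL, or null when the URL is
// invalid or has an opaque origin (data:, file: are treated as opaque here).
function originOf(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return null; // unparseable URL: never matches anything
  }
  // The URL API reports opaque origins as the literal string "null".
  return parsed.origin === "null" ? null : parsed.origin;
}

// Decide whether a script in the document at parentUrl may read the
// frame whose document is at frameUrl.
function canReadFrame(parentUrl, frameUrl) {
  const parent = originOf(parentUrl);
  const frame = originOf(frameUrl);
  if (parent === null || frame === null) {
    return { allowed: false, reason: "opaque or invalid origin" };
  }
  if (parent === frame) {
    return { allowed: true, reason: "same origin " + parent };
  }
  return { allowed: false, reason: parent + " != " + frame };
}

// Constructed sample pairs: [document holding the script, framed document].
const samples = [
  ["http://site-a.example/index.html", "http://www.hotmail.com/"],
  ["http://site-a.example/index.html", "http://site-a.example:80/inbox"],
  ["http://site-a.example/index.html", "https://site-a.example/inbox"],
  ["http://site-a.example/index.html", "http://mail.site-a.example/"],
  ["http://site-a.example/index.html", "data:text/html,<p>hi</p>"],
];

for (const [parentUrl, frameUrl] of samples) {
  const verdict = canReadFrame(parentUrl, frameUrl);
  console.log(frameUrl, "->", verdict.allowed ? "readable" : "blocked",
              "(" + verdict.reason + ")");
}
```

The default port is normalised away, so `http://site-a.example:80/` matches `http://site-a.example/`, while a different scheme or subdomain does not.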