List: kopete-devel
Subject: Re: [kopete-devel] Adium_JS
From: Jason Keirstead <jason () keirstead ! org>
Date: 2005-02-18 12:25:50
Message-ID: 200502180825.50481.jason () keirstead ! org
On Friday 18 February 2005 5:02 am, Will Stephenson wrote:
> I may be a big fraidy cat, but this looks like this is potentially a bigger
> security risk than can be dismissed with "we escape the tags" - is our tag
> escaping code bulletproof?
It doesn't matter much from my viewpoint - assuming our escaping does not work
at all and they can send raw scripting events - the absolute worst they could
do to your PC is clear the chat window using document.body.innerHTML = "".
Even then it would come back if you refreshed the style...
You can't do very much with JavaScript. It has no file I/O, no off-site
network I/O (by that I mean if you create an XMLHttpRequest, it cannot send or
receive data to any machine other than the domain of the script - in this
case, localhost).
So maybe, they could read a file in your ~/ and print it out into your chat -
but no one else, including the scripter, could see it, so why would he
bother?
--
If you wait by the river long enough, eventually
you will see the bodies of all your enemies float by.
- Sun Tzu
_______________________________________________
kopete-devel mailing list
kopete-devel@kde.org
https://mail.kde.org/mailman/listinfo/kopete-devel
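The question raised in this thread, whether the tag escaping holds up, depends on escaping for every HTML context an incoming string reaches (element content and quoted attribute values). The following is an added example, not part of the original message and not Kopete's code; the function names, the message template and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: escapeHtml, renderIncoming and markupIsIntact are hypothetical names.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape every character that can open a tag, start an entity,
// or terminate a quoted attribute value. "&" is handled in the same
// single pass, so already-escaped input is not turned back into markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the fragment appended to the chat view for one incoming message.
// The sender reaches attribute context (title="...") and element content;
// the body reaches element content only. Both are untrusted.
function renderIncoming(sender, body) {
  const s = escapeHtml(sender);
  const b = escapeHtml(body);
  return `<div class="message"><span class="sender" title="${s}">${s}</span>: ` +
         `<span class="body">${b}</span></div>`;
}

// The template itself contributes exactly 6 "<" and 8 double quotes.
// Any other count means untrusted text altered the markup structure.
function markupIsIntact(html) {
  const count = (ch) => html.split(ch).length - 1;
  return count("<") === 6 && count('"') === 8;
}

// Constructed sample inputs: one in the body, one in the sender name.
const SAMPLES = [
  { sender: "alice", body: 'hi <script>document.body.innerHTML = ""</script>' },
  { sender: 'bob" onmouseover="document.body.innerHTML=\'\'', body: "1 < 2 && 3 > 2" },
];

for (const { sender, body } of SAMPLES) {
  const html = renderIncoming(sender, body);
  console.log(markupIsIntact(html) ? "intact " : "BROKEN ", html);
}
```

Escaping only `<` and `>` would pass the first sample and fail the second, because the sender name is also placed inside a quoted attribute.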