Talk:Security/CSP/Spec: Difference between revisions

Line 222: Line 222:


-[[User:Sidstamm|Sid]]
Once you XSS any page, can't you just XHR the a/c data page and get the data? Or are you saying that the A/C data page would have required the user to re-enter his password? I just think this case then becomes too contrived/obscure for CSP to take care of -- any such really sensitive page just shouldn't have an iframe from another page imho. --duryodhan


== <strike>video and audio src</strike> ==