[buug] !*%@ javascript
Rick Moen
rick at linuxmafia.com
Tue Jul 24 13:40:18 PDT 2012

Quoting Ian Zimmerman (itz at buug.org):

> That works for the tracking subproblem, but that is the easier part to
> solve. I am also (and more) worried about actual exploits such as XSS
> and CSRF.

When you say 'actual exploits', I hope you realise that cross-site
scripting attacks are not attacks against the Web browsing user, but
rather against Web sites using the user as vector for the attack.

So, although as a good citizen on the Internet, you have a general
incentive to not be a means for doing harm to others, you are not
yourself, personally, at risk from this category of mayhem.

Cross-site request forgeries are, by contrast, more of a direct user
threat. But that's what RequestPolicy is for.