On Sun, 2008-09-21 at 14:29 +0200, Lupus Michaelis wrote: > Maciek Sokolewicz a écrit : > > > Your xss answer is moot. XSS attacks can (almost) just as easily be > > performed via POST as they can via GET. > > No, because you can't click on a link that make a post. Maybe on > unsecured browser that allows Xhr (and a POST so) on every sites on the > Internet. > > -- > Mickaël Wolff aka Lupus Michaelis > http://lupusmic.org > No, but it is very simple to spoof a POST request. It's not unknown for people to tamper with the outgoing POST request sent from the browser as well.
Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
