Am 03.07.2011 02:42, schrieb Sam Varshavchik:
> What you're missing is that a remote server's ability to instruct your web > browser to open the contents of file:/// > URL is limited to precisely that: your web browser opening and displaying the > contents of file:///. The remote > server's javascript has no means of accessing the contents of file:///. Once > your web browser opens file:///, the > previous page from the remote server is closed, together with all the > javascript that was in it. > > If file:/// gets opened in a separte window or a tab, as can be done, the > javascript running from another window or > tab still has no means of accessing the contents of another scope, as well. > Javascript can only access resources > that originate from the same scope. > > This is a well-understood security model. There have been isolated instances > in the past, where flaws were > discovered in some individual browser's security model that allowed some > mechanism for running Javascript to access > content from another scope; occasionally a common flaw was found that was > shared by several browsers. > > Barring your wonderrouter leveraging some hereto unknown security exploit, > all that your wonderrouter is doing is > the equivalent of the HTML that reads > > <a href="file:///">Y0U h4ve b33n p0wned</a> my conclusion is that JD is one of two types of people: * troll starting useless flamewar * learning resistent idiot without any technical understanding in the worst case both of it
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
