Re: XInclude: security risk

>How bad is this? Does this do anything a hacker can't do with IMG
>tags or external entity references now? I do think this is worse than
>those cases because fallbacks let the result of the load be
>communicated back to the original host (or a different one).

That's an interesting point. You may be able to obtain some feedback with entity references too, since if the entity reference fails in some way then the rest of the document may not be processed, including later entity references. But the XInclude case may be more useful, depending on exactly what circumstances the processor falls back or aborts.

>Combined with JavaScript and DHTML, this attack could become a lot
>more effective. If the browser exposes the post-include DOM to any
>such technology, then this would allow the remote site to gather
>information from normally restricted pages on the Intranet.

This on the other hand seems to be exactly the same as the entity reference case: my Javascript looking at a DOM with your file:///whatever XIncluded is no worse than looking at a DOM with your file:///whatever entity expanded.

Maintainers of web-based validators should worry about the same problem.

-- Richard
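
For the web-based validator case raised at the end of the message, this is one possible pre-processing check, added here as an example and not taken from the thread: it lists `xi:include` elements that point outside the document's own origin and fallbacks that would themselves trigger a load. The function names, the same-origin policy and the sample hosts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XI = "{http://www.w3.org/2001/XInclude}"

def origin_of(url):
    """Scheme and host of a URL, or None for a relative reference."""
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        return None
    return (parts.scheme.lower(), parts.netloc.lower())

def audit_xincludes(xml_text, document_url):
    """List risky xi:include elements in an untrusted document. Nothing is fetched."""
    doc_origin = origin_of(document_url)
    root = ET.fromstring(xml_text)  # parsing alone does not process XInclude
    findings = []
    for inc in root.iter(XI + "include"):
        href = inc.get("href", "")
        target = origin_of(href)
        # Assumed policy: only relative or same-origin includes are acceptable.
        if target is not None and target != doc_origin:
            findings.append(("cross-origin-include", href))
        # A fallback that itself loads something is only fetched when the
        # primary load fails, so its host learns the result of that load.
        for fb in inc.findall(XI + "fallback"):
            for nested in fb.iter(XI + "include"):
                findings.append(("fallback-reports-result", nested.get("href", "")))
    return findings

# Constructed sample input; hosts and file names are placeholders.
SAMPLE = """<doc xmlns:xi="http://www.w3.org/2001/XInclude">
  <xi:include href="chapter1.xml"/>
  <xi:include href="file:///whatever">
    <xi:fallback><xi:include href="http://other.example/missing.xml"/></xi:fallback>
  </xi:include>
</doc>"""

if __name__ == "__main__":
    for kind, href in audit_xincludes(SAMPLE, "http://validator.example/upload.xml"):
        print(kind, href)
```

A validator would run a check like this before handing the document to any XInclude-aware processor and refuse to process documents with findings.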