Re: Re: Javascript and plugging holes
On Dec 12, 2010, at 19:02, Kurt Cagle wrote:

> Sorry for the follow-up post here so soon after the other one, but I wanted to make a correction regarding cross domain XML.
>
> The cross domain issues of XML come about once that XML is inserted into the active DOM of a given document - if I were to load XML that contained inline JavaScript, for instance, into the DOM such that it was evaluated, then such XML would obviously be a security hole.

That's not *at all* what the Same-Origin restriction on XHR is about. The Same-Origin Policy isn't protecting the origin that uses XHR. It is protecting another origin that hosts XML from getting its confidential information leaked to the origin that uses XHR.

--
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/
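
Added example, not part of the original message: a toy JavaScript model of the point made in the reply above, that the same-origin restriction on XHR keeps XML served by one origin under the user's credentials from being read by a script loaded from another origin. The origins, cookie, XML body and function names are all constructed for illustration; this is not browser code.

```javascript
// Toy model of the same-origin check on XHR. All data below is constructed.

// An origin is the (scheme, host, port) triple of a URL.
function originOf(url) {
  return new URL(url).origin;
}

// Constructed browser state: cookies the user holds, keyed by origin.
const cookieJar = {
  "https://intranet.example": "session=alice-logged-in",
};

// Constructed server: hands out confidential XML only to a logged-in user.
function serverRespond(url, cookie) {
  const isIntranet = originOf(url) === "https://intranet.example";
  if (isIntranet && cookie === "session=alice-logged-in") {
    return "<payroll><employee name='alice' salary='1000'/></payroll>";
  }
  return "<error>login required</error>";
}

// Model of an XHR issued by a script on pageUrl against targetUrl.
// The browser would attach the *target* origin's cookies on the user's
// behalf, so the thing at risk is the target's data, not the calling page.
function modelXhr(pageUrl, targetUrl, { enforceSameOrigin = true } = {}) {
  const target = originOf(targetUrl);
  const sameOrigin = originOf(pageUrl) === target;
  if (enforceSameOrigin && !sameOrigin) {
    // Restriction applied: the calling script gets no response body.
    return { readable: false, body: null };
  }
  // Same origin, or a hypothetical browser without the restriction.
  return { readable: true, body: serverRespond(targetUrl, cookieJar[target]) };
}

const xml = "https://intranet.example/payroll.xml";
// A page on the hosting origin may read its own XML.
console.log(modelXhr("https://intranet.example/app.html", xml));
// A page from another origin may not, even though the user is logged in.
console.log(modelXhr("https://other.example/page.html", xml));
// Without the restriction, the other origin would receive the payroll XML.
console.log(modelXhr("https://other.example/page.html", xml,
  { enforceSameOrigin: false }));
```
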