
Re: [ProgSoc] Cross site scripting



Roland Turner wrote:
> It's not what you asked for, but why not proxy the live data at
> test.example.org? Then the whole problem goes away.

Yep, that's what I've done. (Kinda... what I actually did was write some
server side proxies that in turn used XmlHttpRequest (I'm on IIS w/
Classic ASP) to grab the live data via HTTP and convert it from CSV to
JSON. Now that I've defined a JSON interface I can have the data-vendor
support that for greater efficiency down the track.)

Along the way I discovered that extjs supports cross site scripting with
ScriptTagProxy [1].

Also read a little about XSS [2] and the same origin policy [3].

[1] http://extjs.com/deploy/ext/docs/output/Ext.data.ScriptTagProxy.html
[2] http://en.wikipedia.org/wiki/XSS
[3] http://en.wikipedia.org/wiki/Same_origin_policy