On Tue, 13 Feb 2007, Marcus Rueckert wrote:
On 2007-02-13 14:02:57 +0100, Dirk Stoecker wrote:
Hmm. That can make lots of security trouble I think.
why? what kind of scenarios do you have in mind?
Nothing special. But cross-site scripting would probably be possible when using referers. I tend to be a bit paranoid when thinking about web applications. Too many things can happen when not carefully designed.
Also, what do you do when the previous page was dynamic and reloading is not one of the best ideas?
what kind of scenarios do you have in mind? i think the same could happen with your explicit jump targets as well. no?
No. The explicit jump target is no real target, but a symbolic "hint". The place where the redirect happens must know the target or it is ignored. So to get trouble with dynamic pages you need to program the trouble first :-)

Ciao
-- 
http://www.dstoecker.eu/ (PGP key available)
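The symbolic jump target described in the reply above, next to a Referer-based redirect, as an added example that is not part of the original thread or of the Build Service code. The hint names, paths and host names are hypothetical, and the same-host Referer check goes beyond what the thread discusses.

```ruby
require "uri"

# Hypothetical symbolic hints mapped to fixed local paths (constructed values).
JUMP_TARGETS = {
  "home"         => "/",
  "project_list" => "/project/list",
  "package_show" => "/package/show"
}.freeze
DEFAULT_TARGET = "/"

# Explicit jump target: the request carries only a hint and the redirecting
# code chooses the location. Unknown or malformed hints are ignored.
def resolve_jump(hint)
  return DEFAULT_TARGET unless hint.is_a?(String)
  JUMP_TARGETS.fetch(hint, DEFAULT_TARGET)
end

# Referer-based redirect, for contrast: the Location value is whatever the
# client put in the header, including foreign or dynamic URLs.
def resolve_referer(headers)
  headers["Referer"] || DEFAULT_TARGET
end

# Stricter Referer handling: http(s) only, own host only, path only.
# It still lets the client pick any local path, dynamic ones included.
def resolve_referer_checked(headers, own_host)
  uri = URI.parse(headers["Referer"].to_s)
  return DEFAULT_TARGET unless uri.is_a?(URI::HTTP) && uri.host == own_host
  path = uri.path.to_s
  path.start_with?("/") && !path.start_with?("//") ? path : DEFAULT_TARGET
rescue URI::InvalidURIError
  DEFAULT_TARGET
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests.
  foreign = { "Referer" => "http://attacker.example/landing" }
  local   = { "Referer" => "http://build.example/project/list?page=2" }
  puts resolve_jump("project_list")                      # known hint
  puts resolve_jump("http://attacker.example/landing")   # unknown hint, ignored
  puts resolve_referer(foreign)                          # header echoed as-is
  puts resolve_referer_checked(foreign, "build.example") # foreign host rejected
  puts resolve_referer_checked(local, "build.example")   # local path kept
end
```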