Simon Willison’s Weblog

Items tagged flash, javascript in 2008

Filters: Year: 2008 × flash × javascript ×


Crossdomain.xml Invites Cross-site Mayhem. A useful reminder that crossdomain.xml files should be treated with extreme caution. Allowing access from * makes it impossible to protect your site against CSRF attacks, and even allowing from a “circle of trust” of domains can be fatal if just one of those domains has an XSS hole. # 15th May 2008, 8:06 am

Types

Years

Months

Tags