Cross Site Scripting
Jetpak is Public
Created By: jimk1723
Last Modified: 06/12/06


Email Jetpak

Subscribe


Jetpak Tags:
crosssitescripting security javascript

Link: http://johnvey.com/features/deliciousdirector/

Same Origin Policy Blurb

The same origin policy prevents document or script loaded from one origin, from getting or setting properties from a of a document from a different origin.

Mozilla defines the origin as the substring of a URL that includes protocol://host where host includes the optional :port part. To illustrate, this table gives examples of origin comparisons to the URL http://company.com/dir/page.html .

URL Outcome Reason 
http://company.com/dir2/other.html
 Success 
http://company.com/dir/inner/another.html
 Success 
http://www.company.com/dir/other.html
 Failure Different domain 
file://D|/myPage.htm
 Failure Different protocol 
http://company.com:80/dir/etc.html
 Failure Different port

From: http://www.mozilla.org/projects/security/components/jssec.html

Link: http://www.mozilla.org/projects/security/components/jssec.html

Link: http://www.mozilla.org/projects/security/components/signed-scripts.html

Link: http://www.cgisecurity.com/articles/xss-faq.shtml





ADVERTISING