It does significantly thin the herd of people who can successfully execute even that XSS hack against you, though. It appears that Wikipedia and ha.ckers concur with me on this one, but I would love to be re-educated. With HTTP-Only cookies, the second step would be impossible, thereby defeating my XSS attempt.

Edit 4: Sorry, I meant that you could send the XMLHttpRequest to the StackOverflow domain, and then save the result of getAllResponseHeaders() to a string, regex out the cookie, and then post that to an external domain.