[tahoe-dev] Tahoe WUI enhancement suggestion

Tony Arcieri tony.arcieri at gmail.com
Tue Jun 18 01:18:52 UTC 2013


On Mon, Jun 17, 2013 at 5:37 PM, Daira Hopwood (formerly David-Sarah) <
davidsarah at leastauthority.com> wrote:

> It's not easy to make the aliases accessable from the web-UI without
>  exposing them to cross-site scripting attacks.


Can you detail how XSS against an aliases list in the WUI would work? I'd
like to think this sort of thing could be done safely, especially in modern
web browsers

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20130617/38f32dd2/attachment.html>


More information about the tahoe-dev mailing list