Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-referer-checker.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Thu, 18 Jul 2013 18:00:12 +0300

On Sun, Jun 23, 2013 at 06:31:06PM +0300, George Chatzisofroniou wrote:
The attached script informs about cross-domain include of scripts.
Websites that include external javascript scripts are delegating part
of their security to third-party entities since that included code has
full client-side power and can do whatever it wants (like steal
document.cookie or send malicious AJAX requests). So, it's important
for developers to never include a javascript file from a domain they
don't trust.

Commited as revision r31418.

George Chatzisofroniou
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
  • Re: [NSE] http-referer-checker.nse George Chatzisofroniou (Jul 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]