[html5] r7797 - [] (0) Mention that iframe can be used for probing local network HTTP servers. ( [...]
whatwg at whatwg.org
Tue Apr 9 13:34:28 PDT 2013
Author: ianh
Date: 2013-04-09 13:34:27 -0700 (Tue, 09 Apr 2013)
New Revision: 7797
Modified:
complete.html
index
source
Log:
[] (0) Mention that iframe can be used for probing local network HTTP servers. (This could also be done with other elements, like object, I guess, but I haven't mentioned that here.)
Affected topics: HTML
Modified: complete.html
===================================================================
--- complete.html 2013-04-09 19:24:02 UTC (rev 7796)
+++ complete.html 2013-04-09 20:34:27 UTC (rev 7797)
@@ -24530,7 +24530,12 @@
<li><p>Unset <var title="">child document</var>'s <a href=#iframe-load-in-progress>iframe load in progress</a>
flag.</li>
- </ol><p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
+ </ol><p class=warning>This, in conjunction with scriptingy, can be used to probe the URL space of the
+ local network's HTTP servers. User agents may implement <a href=#origin title=origin>cross-origin</a>
+ access control policies that are stricter than those described above to mitigate this attack, but
+ unfortunately such policies are typically not compatible with existing Web content.</p>
+
+ <p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
not <a href=#ready-for-post-load-tasks>ready for post-load tasks</a>, and when anything in the <code><a href=#the-iframe-element>iframe</a></code> is <a href=#delay-the-load-event title="delay the load event">delaying the load event</a> of the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a>, and when the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a> is in the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events
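Review bot: The first added line of the warning misspells "scripting" as "scriptingy" ("This, in conjunction with scriptingy, can be used to probe..."). The same misspelling appears in the index and source hunks of this revision, so the correction needs to land in all three files.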
Modified: index
===================================================================
--- index 2013-04-09 19:24:02 UTC (rev 7796)
+++ index 2013-04-09 20:34:27 UTC (rev 7797)
@@ -24530,7 +24530,12 @@
<li><p>Unset <var title="">child document</var>'s <a href=#iframe-load-in-progress>iframe load in progress</a>
flag.</li>
- </ol><p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
+ </ol><p class=warning>This, in conjunction with scriptingy, can be used to probe the URL space of the
+ local network's HTTP servers. User agents may implement <a href=#origin title=origin>cross-origin</a>
+ access control policies that are stricter than those described above to mitigate this attack, but
+ unfortunately such policies are typically not compatible with existing Web content.</p>
+
+ <p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
not <a href=#ready-for-post-load-tasks>ready for post-load tasks</a>, and when anything in the <code><a href=#the-iframe-element>iframe</a></code> is <a href=#delay-the-load-event title="delay the load event">delaying the load event</a> of the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a>, and when the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a> is in the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events
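Review bot: The warning opens with a bare "This" immediately after the closing </ol> of a step list whose last visible item is "Unset child document's iframe load in progress flag", so it is unclear which behaviour is meant to be the probing primitive. Name the behaviour explicitly in place of "This". Likewise, "those described above" has no link target, unlike "cross-origin" in the same sentence, so the reader cannot tell which access control policies are being compared against.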
Modified: source
===================================================================
--- source 2013-04-09 19:24:02 UTC (rev 7796)
+++ source 2013-04-09 20:34:27 UTC (rev 7797)
@@ -25775,6 +25775,11 @@
</ol>
+ <p class="warning">This, in conjunction with scriptingy, can be used to probe the URL space of the
+ local network's HTTP servers. User agents may implement <span title="origin">cross-origin</span>
+ access control policies that are stricter than those described above to mitigate this attack, but
+ unfortunately such policies are typically not compatible with existing Web content.</p>
+
<p>When the <code>iframe</code>'s <span>browsing context</span>'s <span>active document</span> is
not <span>ready for post-load tasks</span>, and when anything in the <code>iframe</code> is <span
title="delay the load event">delaying the load event</span> of the <code>iframe</code>'s
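Review bot: The warning text added here says nothing about other embedding elements, while the log message for this revision notes that the same probing "could also be done with other elements, like object". A reader of the spec sees the caveat only in the iframe section and may conclude the risk is specific to iframe. Consider adding a short clause to the warning saying that other elements that load external resources are similarly affected, or a cross-reference from the object section.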