Hi,
On Fri, Mar 18, 2016 at 3:18 PM, Yamil <email address hidden> wrote:
> Galen, out of curiosity and for documenting what had been done (and how)
> so far, can you comment on what types of code queries you ran? In case a
> few of us run the same exact search, and thus all come up with the same
> results.
cd Evergreen
git grep target=._|grep -v target=._self
> Also, I had previously thought about making 856 tags links open in a new
> window. I suspect that is something we might want to advise against?
Correct.
> Finally, here is some info on one way, of many, to change for those that are curious (I was)...
> https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
Same origin policy isn't enough -- opening
http://example.com/malicious.html in a new window will still give
malicious code on that page access to window.opener.location and the
ability to point the source window at a different URL.
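
Added example, not part of the original message and not Evergreen code: a Node.js triage check that narrows the `git grep` search in the message above to `<a>`/`<area>` tags that open a new browsing context without `rel="noopener"` or `rel="noreferrer"`, the link types that leave `window.opener` null in the opened page. The function names and the sample markup are constructed for illustration.

```javascript
// Regex-based triage for template source; not a full HTML parser, so tags
// built by template directives still need a manual look.
const TAG_RE = /<(a|area)\b[^>]*>/gi;

// Targets that reuse an existing browsing context and so create no opener.
const SAME_CONTEXT = new Set(['_self', '_parent', '_top']);

// Read one attribute value from a tag string: "x", 'x' or bare x.
function attr(tag, name) {
  const m = new RegExp(
    `\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, 'i').exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return [{line, tag}] for links that open a new window or tab while leaving
// window.opener available to the opened page.
function findOpenerLeaks(source) {
  const findings = [];
  for (const m of source.matchAll(TAG_RE)) {
    const tag = m[0];
    const target = attr(tag, 'target');
    if (target === null || SAME_CONTEXT.has(target.toLowerCase())) continue;
    const rel = (attr(tag, 'rel') || '').toLowerCase().split(/\s+/);
    // noreferrer implies noopener, so either one is sufficient.
    if (rel.includes('noopener') || rel.includes('noreferrer')) continue;
    const line = source.slice(0, m.index).split('\n').length;
    findings.push({ line, tag });
  }
  return findings;
}

// Constructed sample markup (not taken from any real template).
const SAMPLE = [
  '<a href="http://example.com/a" target="_blank">external link</a>',
  '<a href="http://example.com/b" target="_blank" rel="noopener noreferrer">ok</a>',
  "<a href='/local/page' target='_self'>same window</a>",
  '<a href="/local/other" >no target</a>',
  '<area href="http://example.com/c" target=viewer>',
].join('\n');

for (const f of findOpenerLeaks(SAMPLE)) {
  console.log(`line ${f.line}: ${f.tag}`);
}
```
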