On Oct 21, 2005, at 2:43 AM, Maciej Stachowiak wrote:
Is anybody actually using xmlhttprequest in a WebView?
xmlhttprequest was the subject of a CAN advisory in May, but it is
available to Dashboard scripts and also works for me in Safari,
contrary to the docs
(http://developer.apple.com/internet/webcontent/xmlhttpreq.html)
stating that it won't go across domains no less.
If you can do a cross-domain XMLHttpRequest in Safari, then this is
a serious security issue. Do you have code that demonstrates the
exploit?
No, I was thinking localhost counted as a domain... (Firefox doesn't
allow this without user confirmation).
(Note: from a local file HTML document accessed via a file: URL you
can make an XMLHttpRequest to anywhere on the net.)
This is the confirmation I needed to hear. Thanks, it is working for
me now.