[OSM-dev] Website Security
Steve Coast
steve at asklater.com
Fri Nov 2 00:47:09 GMT 2007
Hi
Passing on to dev
On 1 Nov 2007, at 17:36, pagan.iKaRuS wrote:
> Hi Steve.
>
> I do not know too much about this cross site scripting stuff. But I
> think the
> mySettings page on the openstreetmap.org page can be used for this.
> Because
> you can easly introduce javascript code to your own profile page
> and read
> cookie information. As I mentioned above, I am not a javascript guy
> but I
> just add this code to your site and click on the button. script
> element needs
> to be within one line to get around this <p> element which is
> inserted to
> every line.
>
> <SCRIPT LANGUAGE="JavaScript">function MsgBox (textstring) {
> alert(textstring) }</SCRIPT>
>
> <FORM>
> <INPUT NAME="submit" TYPE=Button VALUE="Show Cookie"
> onClick="MsgBox(document.cookie)">
> </FORM>
>
> Greets mardocz
>
have fun,
SteveC | steve at asklater.com | http://www.asklater.com/steve/
More information about the dev
mailing list