[OSM-dev] Website Security

Steve Coast steve at asklater.com
Fri Nov 2 00:47:09 GMT 2007


Hi

Passing on to dev

On 1 Nov 2007, at 17:36, pagan.iKaRuS wrote:

> Hi Steve.
>
> I do not know too much about this cross site scripting stuff. But I  
> think the
> mySettings page on the openstreetmap.org page can be used for this.  
> Because
> you can easly introduce javascript code to your own profile page  
> and read
> cookie information. As I mentioned above, I am not a javascript guy  
> but I
> just add this code to your site and click on the button. script  
> element needs
> to be within one line to get around this <p> element which is  
> inserted to
> every line.
>
> <SCRIPT LANGUAGE="JavaScript">function MsgBox (textstring) {
> alert(textstring) }</SCRIPT>
>
> <FORM>
> <INPUT NAME="submit" TYPE=Button VALUE="Show Cookie"
> onClick="MsgBox(document.cookie)">
> </FORM>
>
> Greets mardocz
>

have fun,

SteveC | steve at asklater.com | http://www.asklater.com/steve/






More information about the dev mailing list