Is there away to let the owners of the greatfirewallofchina.org site know about the possible problems and make suggestions to them on a better solution? I'd be down for adding a banner to my site, when I finish my site, as well. But I too think it'd be nicer to just be able to add some picture or something, rather than linking to a third-party site and using their javascript code.
On Sat, Jun 18, 2016 at 5:21 AM, Dan Fandrich <[email protected]> wrote: > On Sat, Jun 18, 2016 at 10:52:05AM +0200, Gisle Vanem via curl-library > wrote: > > Dan Fandrich wrote: > > > > > I think it's ironic that not only does this protest requires loading > arbitrary > > > Javascript from a third-party site, but it's served unencrypted and > > > unauthenticated and is therefore vulnerable to active manipulation by a > > > malicious party while in transit. > > > > Why is this so ironic? You're not trusting the firewall > > status of China is accurate? > > The problem is that someone adding this banner opens up a massive security > hole > in his site the size of, oh, I don't know, the Great Wall of China maybe. A > hole that can be trivially exploited by a malicious state actor to inject > arbitrary Javascript code into the browser of any targeted visitor to that > site. > > >>> Dan > ------------------------------------------------------------------- > List admin: https://cool.haxx.se/list/listinfo/curl-library > Etiquette: https://curl.haxx.se/mail/etiquette.html >
------------------------------------------------------------------- List admin: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
