On Sun, Jul 13, 2008 at 08:49:38PM +0200, martin f krafft wrote: > also sprach Mike Hommey <[EMAIL PROTECTED]> [2008.07.13.2029 +0200]: > > Your normal user account can surely read *your* data. > > Depends. Anyway, that malicious script would have to know where to > find it. > > Also, I find it hard to believe that a JS script couldn't work > around this and populate the field.
It may be hard to believe, but that's how it does work. Except maybe priviledged javascript can... Anyways, I guess there might be ways to get the behaviour you want via xbl or other hack... maybe there's already an extension to do just that, who knows... Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

