On Fri, Jun 02, 2006 at 01:08:55PM +0100, Michael Rogers wrote: > Matthew Toseland wrote: > >Wouldn't that require think-cash or something? A script can open the > >/darknet page in an iframe, submit the form, then submit the > >confirmation? > > AFAIK scripts can't read the contents of frames that come from different > domains, so as long as the form contains a unique value the script won't > be able to submit a valid response.
So not only can it not read a frame from a different domain, it can't open one in a hidden iframe and then submit it either? So all we have to do is, as I said, reconfirm such actions - but make sure that we have a random value in a hidden field. Cool. Will implement in the next 2 hours. > > Cheers, > Michael -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so.
signature.asc
Description: Digital signature
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
