On Fri, Jun 02, 2006 at 01:08:55PM +0100, Michael Rogers wrote: > Matthew Toseland wrote: > >Wouldn't that require think-cash or something? A script can open the > >/darknet page in an iframe, submit the form, then submit the > >confirmation? > > AFAIK scripts can't read the contents of frames that come from different > domains, so as long as the form contains a unique value the script won't > be able to submit a valid response.
So not only can it not read a frame from a different domain, it can't open one in a hidden iframe and then submit it either? So all we have to do is, as I said, reconfirm such actions - but make sure that we have a random value in a hidden field. Cool. Will implement in the next 2 hours. > > Cheers, > Michael -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060602/880b807a/attachment.pgp>
