2008/11/12 Felix <[EMAIL PROTECTED]>
>
> Mike Samuel wrote:
> > I don't understand the details of how autocomplete can be exploited. Do
> > you know of any documentation on this?
>
> browser autocomplete is keyed on domain of page and name of form field.
> if gadget 1 and gadget 2 are inlined in a page, or served from the same
> iframe domain, then they'll be in the same autocomplete context, and
> gadget 2 can read gadget 1's autocomplete values.
>
> I think most autocomplete requires human intervention of some sort.
> I don't really understand all the behavior yet, but most of that
> seems harmless.
>
> the cases that bother me:
>
> * user might say "yes, remember name and password" for gadget 1 without
> realizing that the browser doesn't really know to associate the values
> with gadget 1 instead of gadget 2. this feels like a real issue.
>
> * filled-in values might be readable with a history attack. this seems
> hard to make a real exploit; this might not be a real issue.
>
> > What is the property we would want to enforce?
>
> I think I'd like to enforce autocomplete=off for all cajoled forms and
> cajoled form inputs. that sidesteps the problem of "what if this input
> changes type?"
>
What about an input that the gadget is passed that was not created by DOMita or html-sanitizer, such that the gadget is capable of modifying the type|name?
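The enforcement Felix proposes, as an added example that is not Caja's own code: a pass over sanitizer output (assumed well-formed, with no `>` inside attribute values) that forces `autocomplete="off"` onto every form, input, textarea and select tag, overriding any value the gadget set, plus an audit helper that lists tags still lacking it. Function and variable names are my own.

```javascript
// Added example, not Caja's code. Post-sanitizer pass that forces
// autocomplete="off" on form-related tags so two gadgets sharing a page
// domain cannot end up in one browser autocomplete context.
// Assumption: input is already sanitized, so tags are well-formed and no
// attribute value contains '>'.

// Opening tags whose fields the browser may autofill.
const AUTOFILL_TAGS = /<(form|input|textarea|select)\b([^>]*?)(\/?)>/gi;

// An existing autocomplete attribute: quoted, unquoted, or bare.
const AUTOCOMPLETE_ATTR =
  /\s+autocomplete\b(?!-)(\s*=\s*("[^"]*"|'[^']*'|[^\s"'>\/]+))?/gi;

// Rewrite every matching tag so it carries exactly one autocomplete="off",
// dropping whatever the gadget supplied (e.g. autocomplete=on).
function enforceAutocompleteOff(html) {
  return html.replace(AUTOFILL_TAGS, (match, tag, attrs, selfClose) => {
    const cleaned = attrs.replace(AUTOCOMPLETE_ATTR, '').trimEnd();
    return `<${tag}${cleaned} autocomplete="off"${selfClose ? ' /' : ''}>`;
  });
}

// Audit helper: return the form-related tags that still lack
// autocomplete="off" (useful as a check on sanitizer output).
function findAutofillableTags(html) {
  const out = [];
  for (const m of html.matchAll(AUTOFILL_TAGS)) {
    if (!/\bautocomplete\s*=\s*["']?off["']?/i.test(m[2])) out.push(m[0]);
  }
  return out;
}

// Constructed sample gadget markup: one field opts in to autofill, one
// says nothing; both must come out with autocomplete="off".
const SAMPLE_GADGET_HTML =
  '<form action="/login"><input name="user" autocomplete=on>' +
  '<input type="password" name="pw" /></form>';

console.log(findAutofillableTags(SAMPLE_GADGET_HTML).length); // 3
console.log(enforceAutocompleteOff(SAMPLE_GADGET_HTML));
```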
