Revision: 3674
Author: jasvir
Date: Mon Aug 31 11:14:03 2009
Log: Edited wiki page through web user interface.
http://code.google.com/p/google-caja/source/detail?r=3674
Modified:
/wiki/AttackVectors.wiki
=======================================
--- /wiki/AttackVectors.wiki Mon Dec 8 20:30:49 2008
+++ /wiki/AttackVectors.wiki Mon Aug 31 11:14:03 2009
@@ -49,3 +49,4 @@
* DocTypesCanInjectUnsanitizedContent -- DOCTYPEs can define entities
which can inject unsanitized script or markup.
* EventChecksCircumventableByInfLoops -- Invariants preserved by event
handlers can be circumvented by causing the browser to turn off javascript.
* IdAndNameMasking -- Members of {{{HtmlCollection}}},
{{{HTMLFormElement}}}, etc. masked by ids&names
+ * UrlFetchingSideChannel -- Side-channels from unproxied connections
leak information across closed networks
